How Typhoon APTs Infiltrate Infrastructure Without Leaving a Trace by Lucie Cardiet
ID: a44e2537-b63b-52a9-a11f-bbf22f37baee
STIX ID: report--a44e2537-b63b-52a9-a11f-bbf22f37baee
Feed Name: Vectra AI Blog
The report profiles three Chinese state-linked APT clusters (Volt, Flax, Salt Typhoon) that carry out covert, long-duration intrusions against telecom, utilities, government, and ISP backbones worldwide. Rather than deploying obvious malware, they rely on living-off-the-land techniques, compromised routers, legitimate VPNs, and in some cases kernel-level implants to maintain persistence, conduct surveillance, and pre-position for disruption — forcing defenders to prioritize behavior-based detection.
