The Typhoon Inside the Grid: How China's Cyber Armies Are Pre-Positioning for War
Salt Typhoon and Volt Typhoon haven't just been spying — they've been building a kill switch inside American infrastructure. Here's what the investment map looks like when cyber warfare becomes the new deterrence.
China has been inside America's critical infrastructure for years. Not stealing data. Waiting.
That is the most unsettling conclusion from the ongoing fallout of the "Typhoon" cyber campaigns — a series of sophisticated intrusions by Chinese state-sponsored hacking groups that have burrowed deep into U.S. telecom networks, power grids, water utilities, and port systems. The operations, tracked by U.S. intelligence under codenames Salt Typhoon and Volt Typhoon, represent a fundamental shift in how great-power conflict is being waged — not with missiles, but with malware sitting dormant inside your electricity provider.
The scale is staggering. Salt Typhoon alone compromised over 600 organizations across 80 countries since 2019, with fresh breaches confirmed as recently as March 2026. Volt Typhoon has quietly pre-positioned itself inside U.S. energy utilities and port infrastructure — not to steal secrets, but to have the capability to cause disruption on demand. As of early 2026, researchers confirm it is still there.
What makes this moment different is not just the persistence of the intrusions — it is the addition of artificial intelligence to the attacker's toolkit. AI is now automating what used to require armies of human hackers: scanning for vulnerabilities, generating convincing phishing lures, adapting malware in real time to evade detection. By early 2025, nearly 40% of cyberattacks were estimated to involve AI-driven components. That number is accelerating.
The Strategic Logic Behind the Intrusions
Understanding why China is doing this requires understanding the geopolitical context. Volt Typhoon's operations are explicitly tied to Taiwan contingency planning, according to U.S. intelligence assessments. The logic is straightforward: if conflict erupts over Taiwan, China wants the ability to paralyze U.S. logistics, communications, and energy infrastructure simultaneously — creating enough chaos domestically to complicate any military response.
This is not espionage in the traditional sense. It is pre-positioning for wartime sabotage. The distinction matters enormously for how the U.S. — and investors — should think about the threat.
Salt Typhoon, meanwhile, targeted telecommunications infrastructure with a different but equally alarming goal: real-time interception of communications. The compromises gave Chinese intelligence the ability to monitor phone calls, track locations, and — most critically — intercept communications from U.S. government officials and intelligence personnel. Senate Commerce Committee hearings in December 2025 concluded bluntly that U.S. communications networks "remain vulnerable."
The response from Washington has been a patchwork of CISA alerts, FCC rule changes, NSA guidance, and Treasury sanctions against linked hackers — necessary steps, but widely regarded as insufficient against an adversary that has spent years methodically mapping American digital infrastructure.