The cyber attacks were revealed in a joint statement from American and allied intelligence agencies.
It disclosed Volt Typhoon had infiltrated the networks of various sectors, including aviation, rail, mass transit, highway, maritime, pipeline, and water and sewage organisations.
Despite the deep concern about malicious cyber activities from Volt Typhoon, Eric Goldstein, a senior official in the Cybersecurity and Infrastructure Security Agency, said: “Most of the victims we have identified have no legitimate espionage value.”
The statement revealing the hacking was co-signed by the US National Security Agency, US cyber watchdog CISA, the FBI and the Transportation Security Administration.
While the targeted organisations were not named, the intelligence officials noted the hackers had maintained access and footholds within some IT environments for an extended period.
The statement, endorsed by cybersecurity agencies from Britain, Australia, Canada, and New Zealand, echoed previous warnings from US officials about Volt Typhoon, which highlighted fears over its apparent focus on sabotage rather than espionage.
The widespread nature of the cyberattacks prompted meetings between the White House and private technology industry representatives, including telecommunications and cloud computing companies.
US government officials have sought assistance from the tech industry in tracking and countering Volt Typhoon's activities.
The group’s sophisticated botnet that was used to target critical US infrastructure has been dismantled by the FBI.
Volt Typhoon are said to have tried to rebuild it, but were apparently foiled by federal agents this month.
The US Justice Department said the FBI had untethered hundreds of small office/home office (SOHO) routers connected to Volt Typhoon’s KV botnet, which the group used to conceal internet traffic linked to its malicious activities.
The botnet takedown occurred in December, months after concerns about Volt Typhoon’s stealthy attacks against critical infrastructure were first made public.
Researchers at Lumen’s Black Lotus Labs said that over the following month they “null-routed” – blocked – connections between compromised routers and Volt Typhoon’s servers, preventing the botnet from being re-established.