(I'm Chinese and a software engineer, so it's my obviously-biased 2 cents)
Based on my observation of fellow Chinese software engineers' average knowledge and skills about cyber security, as well as the absolute absence of security considerations in most "SOHO network devices" in China, I would rather apply Hanlon's razor and say that it's not Chinese attackers, but a Chinese botnet.
As you may already know, Chinese users and software engineers generally do not care about personal privacy and hence also cyber security, so the entire industry is rather undeveloped.
What on earth would the "average" developer's knowledge and skills in cyber security have anything to do with it? I believe there are enormous quantities of brilliant and well-educated people in every major country. China certainly doesn't lack them, nor does the US, Russia, India, Germany, Brazil, etc.
If you read the CVE description linked you'll notice some details focused on the actual specific product. I have a hard time believing random hackers trying to build a botnet would search out critical infrastructure and burn expensive 0-days for small amounts of compute.
> What on earth would the "average" developer's knowledge and skills in cyber security have anything to do with it?
I may be wrong, but I think the development of an "industry" would depend on the foundation of related education and its popularity in the population. Like if football is not taught in school and people generally don't play it in a country, it's unlikely to have a team that wins in the Olympics even if the government wants it.
The previous commenter is right. This is related to espionage and warfare, which every major power (China included) invests in. I believe China values education and sovereignty.
The link between Volt Typhoon and China is not as firmly established as news reports tend to suggest. It's mostly based on tactical attributions (as opposed to operational and strategic ones). China attributes the indicators to a cybercrime group. This blog post has a good summary of the state of evidence (such as it is):
> Black Lotus Labs said it assessed with “medium” confidence that Volt Typhoon was responsible for the compromises, noting the intrusions bear the hallmarks of the Chinese state-sponsored espionage group — including zero-day attacks targeting IT infrastructure providers, and Java-based backdoors that run in memory only.
Who is Natto Thoughts and why should I care? Substack opinions are cheap.
That paragraph you cited simply says that the intrusions bear the hallmarks of Volt Typhoon. It has no bearing on the separate question of who Volt Typhoon is.
Analogy: "was this murder committed by Jack the Ripper?" and "who was Jack the Ripper?" are separate questions.
> Who the heck is Natto Thoughts and why should I care?
Regarding attribution to Volt Typhoon, please see CISA's previous advisory, where they raised alarms about the targeting of critical internet infrastructure by this threat actor.