Date: 2023-05-25

Around the time the FBI was examining equipment recovered from the Chinese spy balloon that crashed off the coast of South Carolina in February, US intelligence agencies and Microsoft discovered what they feared was a more troubling intruder: mysterious computer code appearing on telecommunications systems in Guam and elsewhere in the United States.

The code, which Microsoft said was installed by a group of Chinese government hackers, raised alarm because Guam, with its Pacific ports and large US air base, would be a central part of any US military response to an invasion or blockade of Taiwan. The operation was carried out in great secrecy, sometimes bypassing home routers and other common consumer devices connected to the Internet, to make the intrusion more difficult to trace.

The code is called a web shell, in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not received software and security updates.

Unlike the balloon that mesmerized Americans as it pirouetted over sensitive nuclear sites, computer code could not be brought down on live television. So instead, Microsoft on Wednesday published details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. In a coordinated release, the National Security Agency, along with other domestic agencies and counterparts in Australia, Britain, New Zealand and Canada, issued a 24-page advisory that referred to Microsoft’s finding and offered broader warnings about a recently discovered set of activities from China.