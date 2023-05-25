International
Chinese malware hits systems in Guam. Is Taiwan the real target?
Around the time the FBI was examining equipment recovered from the Chinese spy balloon that was shot down off the coast of South Carolina in February, US intelligence agencies and Microsoft discovered what they feared was a more troubling intruder: mysterious computer code appearing on telecommunications systems in Guam and elsewhere in the United States.
The code, which Microsoft said was installed by a group of Chinese government hackers, raised alarm because Guam, with its Pacific ports and large US air base, would be a central part of any American military response to an invasion or blockade of Taiwan. The operation was carried out with great stealth, sometimes routing through home routers and other common internet-connected consumer devices to make the intrusion harder to trace.
The code is called a web shell, in this case a malicious script that gives an attacker remote access to a server through its web service. Home routers are particularly vulnerable, especially older models that have not received software and security updates.
Unlike the balloon that mesmerized Americans as it pirouetted over sensitive nuclear sites, computer code could not be shot down on live television. So instead, Microsoft on Wednesday published details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. In a coordinated release, the National Security Agency, along with other domestic agencies and counterparts in Australia, Britain, New Zealand and Canada, issued a 24-page advisory that referred to Microsoft’s finding and offered broader warnings about a recently discovered set of activities from China.
Microsoft called the hacking group Volt Typhoon and said it was part of a Chinese state-sponsored effort targeting not only critical infrastructure such as communications, electric utilities and gas, but also maritime operations and transportation. The intrusions looked, for now, like an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks if they chose to.
So far, Microsoft says, there is no evidence that the Chinese group has used its access for any offensive attacks. Unlike Russian groups, Chinese intelligence and military hackers typically prioritize espionage.
In interviews, administration officials said they believed the code was part of a larger Chinese intelligence-gathering effort involving cyberspace, outer space and, as the Americans discovered with the balloon incident, the lower atmosphere.
The Biden administration has declined to discuss what the FBI found when it examined the equipment recovered from the balloon. But the craft, better described as a large aerial vehicle, apparently included specialized radar and communications interception equipment that the FBI has been examining since the balloon was shot down.
It is unclear whether the government’s silence about its balloon findings is motivated by a desire to keep the Chinese government from knowing what the United States has learned, or by a desire to get past the diplomatic fallout that followed the incursion.
On Sunday, speaking at a press conference in Hiroshima, Japan, President Biden referred to how the balloon incident had paralyzed the already frozen exchanges between Washington and Beijing.
“And then this stupid balloon that was carrying two truckloads’ worth of spy equipment was flying over the United States,” he told reporters, “and it crashed and everything changed in terms of talking to each other.”
He predicted that relations would begin to thaw very soon.
China has never acknowledged hacking American networks, even in the biggest example: the theft of security clearance files of roughly 22 million Americans, including six million sets of fingerprints, from the Office of Personnel Management during the Obama administration. That data exfiltration took the better part of a year and led to an agreement between President Barack Obama and President Xi Jinping that produced a brief decline in malicious Chinese cyber activity.
On Wednesday, China issued a warning to its companies to be vigilant against American hackers. And there has been plenty of that, too: documents released by Edward Snowden, the former NSA contractor, contained evidence of American efforts to hack the systems of Huawei, the Chinese telecommunications giant, as well as military and leadership targets.
Telecommunications networks are key targets for hackers, and the system in Guam is particularly important to China because military communications often ride on commercial networks.
Tom Burt, the executive who oversees Microsoft’s threat intelligence unit, said in an interview that the company’s analysts, many of them veterans of the National Security Agency and other intelligence agencies, had found the code while investigating intrusion activity affecting an American port. As they tracked the intrusion, they found other networks that had been hit, including some in Guam’s telecommunications sector.
Anne Neuberger, deputy national security adviser for cyber and emerging technology, said covert efforts “like the activity exposed today are part of what drives our focus on the security of telecom networks and the urgency to use trusted vendors” whose equipment has met established cybersecurity standards.
Ms. Neuberger has led a government-wide effort to implement new cybersecurity standards for critical infrastructure. Officials were surprised by the extent of the vulnerabilities in such infrastructure when a Russian ransomware attack on Colonial Pipeline in 2021 disrupted the flow of gasoline, diesel and jet fuel to the East Coast. In the wake of that attack, the Biden administration used the little-known powers of the Transportation Security Administration, which regulates pipelines, to require private-sector companies to follow a series of cybersecurity mandates.
Now Ms. Neuberger is leading what she called a “relentless focus on improving the cybersecurity of our pipelines, rail systems, water systems and other critical services,” including mandates on cybersecurity practices for these sectors and closer cooperation with companies that have unique visibility into threats to such infrastructure.
These firms include Microsoft, Google, Amazon and many telecommunications companies that can see activity on domestic networks. Intelligence agencies, including the NSA, are prohibited by law from operating within the United States. But the NSA is allowed to release warnings, as it did on Wednesday, along with the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
The agencies’ report is part of a relatively new move by the U.S. government to release such data quickly in the hope of squelching operations like the one mounted by the Chinese government. In years past, the United States typically kept such information classified and shared it only with select companies or organizations. But that almost always ensured that hackers could stay well ahead of the government.
In this case, it was the focus on Guam that particularly caught the attention of officials who are assessing China’s capabilities and its willingness to attack or subdue Taiwan. Mr. Xi has ordered the People’s Liberation Army to be capable of taking the island by 2027. But the director of the CIA, William J. Burns, has told Congress that the order does not mean Mr. Xi has decided to carry out an invasion.
In dozens of U.S. tabletop exercises conducted in recent years to determine what such an attack might look like, one of China’s first anticipated moves would be to disrupt U.S. communications and slow the United States’ ability to respond. So the exercises envision attacks on satellite and ground communications, especially around U.S. installations where military assets would be mobilized.
None is bigger than Guam, where Andersen Air Force Base would be the launch point for many of the Air Force’s missions to help defend the island, and a Navy port is essential for U.S. submarines.