A Chinese government-operated espionage group has hacked into critical systems in multiple locations in the United States, including the island territory of Guam. Microsoft detected a mysterious computer code appearing in different telecommunications systems.
Installing Surveillance Malware
Microsoft and the National Security Agency have revealed that China may have conducted digital espionage against the United States' Pacific interests. According to a report from Engadget, the Chinese government-operated hacking group Volt Typhoon installed surveillance malware in critical systems on the island of Guam.
Although no electronic data or equipment was destroyed, the intrusion raised alarms because Guam would be a centerpiece of any American air base, especially since this is where the country's Pacific ports and air base are located.
The operation was carried out carefully and was routed through home routers and other common consumer devices connected to the internet. Home routers are vulnerable to this kind of use, especially older models that have not received updated software and protections.
The code of the malware is named "web shell". Microsoft researchers believe that the group could be laying the groundwork to disrupt communications between North America and Asia in the event of a confrontation regarding military discussions. Volt Typhoon could also apply the same techniques against other nations.
Jen Easterly of the Cybersecurity and Infrastructure Security Agency stated, "Today's advisory highlights China's continued use of sophisticated means to target our nation's critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity."
Government-Supported Volt Typhoon
The New York Times reported that Chinese intelligence and military hackers prioritize espionage. Volt Typhoon was part of a Chinese government-supported effort targeting critical infrastructure such as communications, electric and gas utilities, maritime operations, and transportation.
Microsoft argued that, for now, the intrusions were an espionage campaign, and there is no evidence that the Chinese group used its access for any offensive attacks. The country could still use the code to enable destructive attacks in the future, as the code is designed to disable firewalls.
Microsoft, NSA's Response
Both Microsoft and the NSA are publishing information that could help potential victims of this attack remove the work of Volt Typhoon from their respective routers. But they also warn that avoiding these intrusions could be hard, as it requires closing or changing affected accounts for their safety.
Most likely, The Washington Post reported, owners are less likely to be required to install protective software updates for web browsers, laptop operating systems, or phones, which all require more interaction.