While the FBI was investigating the equipment recovered from the Chinese spy balloon shot down off the coast of South Carolina in February, American intelligence agencies and Microsoft discovered what they feared was a more dangerous intruder: a mysterious computer code appearing in telecommunications systems in Guam and elsewhere in the US. Guam is strategically crucial since it is home to one of the United States’ largest air bases.
The software, which Microsoft alleged was planted by a Chinese government hacking outfit, caused worry since Guam, with its Pacific ports and big American air base, would be the focal point of any American military response to a Taiwan invasion or blockade. To make the incursion more difficult to track, the action was carried out with tremendous stealth, often passing through home routers and other popular internet-connected consumer devices, reported the New York Times.
What is the malware capable of?
The hackers were seen employing “web shell,” a malicious application that permits remote access to a system. Home routers are particularly vulnerable, especially older models with outdated software and security.
Unlike the balloon that enthralled Americans as it performed pirouettes above critical nuclear installations, the computer code could not be shot down on live television.
Instead, Microsoft disclosed the code’s contents on Wednesday, allowing business users, manufacturers, and others to locate and remove it.
The National Security Agency, along with other domestic agencies and intelligence counterparts in Australia, the United Kingdom, New Zealand, and Canada (known as the Five Eyes), issued a 24-page alert referring to Microsoft’s discovery and issuing broader cautions about a “recently discovered” vulnerability.
‘Volt Typhoon’ is a video game
Microsoft named the hacking group “Volt Typhoon” and said it was part of a state-sponsored Chinese assault aimed not only at essential infrastructure such as communications, electric and gas utilities but also at marine operations and transportation. For the time being, the breaches appeared to be part of a spying operation.
The Chinese, on the other hand, might use the code, which is designed to break firewalls, to conduct catastrophic attacks if they so desire.
According to Microsoft, there is no evidence that the Chinese entity has used the access for hostile attacks thus far. Unlike Russian organizations, Chinese intelligence and military hackers primarily prioritize espionage.
Administration officials said in interviews that they feared the code was part of a broader Chinese intelligence-gathering campaign that encompassed the internet, outer space, and, as the balloon incident revealed, the lower atmosphere.
The Biden administration’s response
The Biden administration has declined to reveal what the FBI learned during its investigation of the equipment recovered from the balloon. The craft, which is more accurately described as a huge flying vehicle, appears to have included specialized radars and communications eavesdropping equipment, which the FBI has been probing since the balloon was shot down.
It is unclear whether the administration’s silence on its discovery of the balloon stems from a desire to prevent the Chinese government from discovering what the US has uncovered or from a desire to move past the diplomatic snub that accompanied the discovery.
President Biden remarked at a press conference in Hiroshima, Japan, on Sunday that the balloon incident has paralyzed Washington-Beijing relations, which were already strained.
“And then this silly balloon that was carrying two freight cars’ worth of spying equipment was flying over the United States,” he told reporters.
“And it got shot down, and everything changed in terms of talking to one another,” he added.
Even in the most serious case, the theft of security clearance data from the Office of Personnel Management under the Obama administration, involving six million sets of fingerprints, China has never admitted to hacking into American networks.
It took nearly a year for that data exfiltration to culminate in an agreement between President Barack Obama and President Xi Jinping, which resulted in a minor decrease in harmful Chinese cyber activity.
Tabletop exercises
According to the New York Times, Tom Burt, executive in charge of Microsoft’s threat intelligence unit, stated in an interview that the code was discovered “while investigating intrusion activity impacting a US port” by the company’s analysts, many of whom had previously worked for the National Security Agency and other intelligence organizations.
Covert operations “like the activity exposed today are part of what’s driving our focus on the security of telecom networks and the urgency to use trusted vendors” whose equipment meets cybersecurity standards, according to Anne Neuberger, the deputy national security adviser for cyber and emerging technology.
In the innumerable tabletop exercises conducted by the US in recent years to mimic such an attack, one of China’s first anticipated measures would be to shut off American communications and limit the US’s ability to retaliate.
As a result, the simulations predict satellite and ground communications strikes, particularly near American cities where military forces may be mobilized.