Microsoft says China installed malware in US systems in Guam
- In Reports
- 09:51 PM, May 26, 2023
- Myind Staff
Microsoft and Western espionage agencies claim that Chinese hackers attacked vital equipment on American military bases in Guam using "stealthy" malware.
Experts say it's one of the largest known cyber espionage campaigns against the US.
Around the time the F.B.I. began examining the hardware from the Chinese spy balloon shot down off the coast of South Carolina in February, Microsoft and American intelligence agencies discovered puzzling computer code appearing in telecommunications systems in Guam and elsewhere in the United States.
Guam's ports and air bases, a significant US military presence, would be essential to any Western reaction to an Asian conflict.
Microsoft claimed that the code was placed by a Chinese government hacking group. The operation was carried out with great stealth to make the intrusion harder to trace, at times routing its traffic through home routers and other common internet-connected consumer devices so that it blended in with ordinary residential traffic.
The code is a "web shell", a malicious script planted on a web server that gives the operator remote access to it. Home routers are a convenient relay point because they are often poorly defended, especially older models that no longer receive software updates.
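To make the "web shell" concrete, here is an added example of how a defender might hunt for one; it is illustrative code written for this page, not code from Microsoft, the Five Eyes advisory, or any real intrusion. A web shell is usually a tiny script in which attacker-supplied request data flows straight into an execution primitive, and once planted it tends to show a distinctive traffic shape: a script file that only ever receives POST requests, from a single source address. The scanner below checks both, over a handful of constructed file contents and Apache-style access-log lines (the paths, addresses and timestamps are made up for the example):

```python
"""Minimal web-shell hunter: content patterns plus access-log shape.

Added example for illustration only. Every sample file, path, IP address
and log line below is constructed; none is taken from a real incident.
"""
import re
from collections import defaultdict

# Source patterns typical of minimal web shells: request data flowing
# directly into an eval / command-execution primitive.
SHELL_PATTERNS = [
    ("eval-request",    re.compile(r"\beval\s*\(?\s*Request\b", re.I)),          # ASP / ASP.NET
    ("process-request", re.compile(r"(Process\.Start|cmd\.exe)[^\n]*Request\b", re.I)),
    ("php-exec-input",  re.compile(r"\b(eval|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST)", re.I)),
    ("php-b64-input",   re.compile(r"base64_decode\s*\(\s*\$_(GET|POST|REQUEST)", re.I)),
]

def scan_source(content: str) -> list:
    """Return the names of every pattern the file content matches ([] = clean)."""
    return [name for name, rx in SHELL_PATTERNS if rx.search(content)]

def scan_files(files: dict) -> dict:
    """Map path -> matched pattern names, for flagged files only."""
    return {path: hits for path, body in files.items() if (hits := scan_source(body))}

# Apache/nginx "combined" log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
SCRIPT_EXT = (".aspx", ".ashx", ".asp", ".php", ".jsp")

def suspicious_endpoints(log_lines, max_clients: int = 1) -> list:
    """Flag server-side script paths that only ever receive POSTs and are
    used by at most `max_clients` distinct source addresses. Real application
    endpoints are reached by many clients and almost always via GET as well."""
    stats = defaultdict(lambda: {"ips": set(), "methods": set()})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                  # skip malformed lines
        path = m.group("path").split("?", 1)[0]       # drop query string
        if not path.lower().endswith(SCRIPT_EXT):
            continue
        stats[path]["ips"].add(m.group("ip"))
        stats[path]["methods"].add(m.group("method").upper())
    return sorted(p for p, s in stats.items()
                  if s["methods"] == {"POST"} and len(s["ips"]) <= max_clients)

# --- constructed sample data -------------------------------------------------
SAMPLE_FILES = {
    "/var/www/app/index.php":        "<?php echo render_page($_GET['page'] ?? 'home'); ?>",
    "/var/www/app/static/help.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["c"],"unsafe");%>',
    "/var/www/app/uploads/cache.php": "<?php @eval(base64_decode($_POST['d'])); ?>",
}
SAMPLE_LOG = """\
203.0.113.5 - - [24/May/2023:10:01:02 +0000] "GET /index.aspx HTTP/1.1" 200 5120
198.51.100.7 - - [24/May/2023:10:01:09 +0000] "GET /index.aspx HTTP/1.1" 200 5120
198.51.100.7 - - [24/May/2023:10:02:11 +0000] "POST /login.aspx HTTP/1.1" 302 0
203.0.113.5 - - [24/May/2023:10:03:40 +0000] "POST /login.aspx HTTP/1.1" 302 0
203.0.113.5 - - [24/May/2023:10:04:00 +0000] "GET /login.aspx HTTP/1.1" 200 3100
192.0.2.44 - - [24/May/2023:11:15:01 +0000] "POST /static/help.aspx HTTP/1.1" 200 412
192.0.2.44 - - [24/May/2023:11:15:37 +0000] "POST /static/help.aspx HTTP/1.1" 200 1980
192.0.2.44 - - [24/May/2023:11:16:02 +0000] "POST /static/help.aspx HTTP/1.1" 200 77
"""

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"content hit : {path} -> {', '.join(hits)}")
    for path in suspicious_endpoints(SAMPLE_LOG.splitlines()):
        print(f"traffic hit : {path} (POST-only, single client)")
```

Neither check is conclusive on its own: a content match can be a false positive on a legitimate admin tool, and a POST-only endpoint can be a webhook. The point of running both is that a file which matches a shell pattern and is also the only thing a single outside address talks to is worth pulling for analysis, and the traffic check still catches shells whose source has been obfuscated beyond what the patterns recognise.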
Beijing has called the Microsoft report "highly unprofessional" and "disinformation".
Microsoft released information on the malware on Wednesday together with the Five Eyes alliance, which consists of the intelligence services of the United States, Australia, Britain, New Zealand, and Canada.
The Five Eyes initiative is a decades-old intelligence-sharing agreement. The partners say they aim to educate critical infrastructure providers and corporate users on how to detect and remove the malware.
Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric, and gas utilities but also maritime operations and transportation.
The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks if they choose.
So far, Microsoft says, there is no evidence that the Chinese group has used the access for any offensive attacks. Unlike Russian groups, Chinese intelligence and military hackers usually prioritize espionage.
Although the US and China frequently accuse one another of spying, experts say the joint Five Eyes statement is significant.
Responding to queries at a Chinese foreign ministry press briefing, spokeswoman Mao Ning called the US the "hacker empire" and dismissed the report as having a "serious lack of evidence chain".