Microsoft says China installed malware in US systems in Guam
China may have conducted digital espionage against US interests in the Pacific. Microsoft and the National Security Agency (NSA) have revealed that an alleged state-sponsored Chinese hacking group, Volt Typhoon, installed surveillance malware in “critical” systems on the island of Guam and elsewhere in the United States. The group has been operating since mid-2021 and is said to have compromised government organizations as well as the communications, manufacturing, education and other sectors.
Volt Typhoon prioritizes stealth, investigators say. It relies on “living off the land” techniques, which use tools already present in the operating system, combined with hands-on-keyboard activity. The operators use the command line to retrieve credentials and other data, archive the information and use it to maintain their foothold in the targeted systems. They also try to hide their activity by routing traffic through small office and home office network hardware they control, such as routers. Custom tools help them set up a command-and-control channel through a proxy that keeps their communications hidden.
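The difficulty with “living off the land” is that nothing malicious is dropped on disk; the evidence is in how legitimate built-in tools are used. The following is an added example, not code from the article or from Microsoft or the NSA: it scores constructed Windows process-creation events against generic heuristics for the three behaviours the article names (built-in tools used to pull credentials, archive utilities used to stage collected data, and netsh port proxying used to relay traffic). The log lines, tool patterns, weights and thresholds are all assumptions chosen for illustration, not published indicators.

```python
"""Added example: score process-creation events for living-off-the-land
behaviour. Sample events, rules and weights are constructed assumptions."""
import re
from collections import defaultdict

# Constructed sample events: (host, parent image, command line).
SAMPLE_EVENTS = [
    ("ws01", "explorer.exe", r'"C:\Program Files\Editor\editor.exe" notes.txt'),
    ("dc01", "cmd.exe", r'ntdsutil.exe "ac i ntds" ifm "create full C:\Windows\Temp\pro" q q'),
    ("dc01", "cmd.exe", r"rar.exe a -hp C:\Windows\Temp\pro.rar C:\Windows\Temp\pro"),
    ("fs02", "powershell.exe", r"netsh interface portproxy add v4tov4 listenport=9999 connectaddress=203.0.113.7 connectport=443"),
    ("ws03", "services.exe", r"svchost.exe -k netsvcs -p"),
    ("ws03", "cmd.exe", r"wmic process list brief"),
]

# Generic heuristics (category, pattern, weight). The weights are assumptions:
# a directory-service media dump or a port proxy alone is worth a look,
# while an archive job or a process listing only matters in combination.
RULES = [
    ("credential_access", re.compile(r"\bntdsutil(\.exe)?\b.*\bifm\b", re.I), 3),
    ("credential_access", re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|security|system)\b", re.I), 3),
    ("staging_archive", re.compile(r"\b(rar|7z|makecab)(\.exe)?\s+a\b", re.I), 1),
    ("staging_archive", re.compile(r"Compress-Archive", re.I), 1),
    ("traffic_relay", re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I), 3),
    ("discovery", re.compile(r"\bwmic(\.exe)?\s+process\b", re.I), 1),
]


def match_event(command_line):
    """Return the (category, weight) pairs of every rule a command line trips."""
    return [(cat, weight) for cat, rx, weight in RULES if rx.search(command_line)]


def score_hosts(events):
    """Aggregate per host: total score, distinct technique categories and the
    matching (parent, command line) pairs an analyst would want to review."""
    totals = defaultdict(lambda: {"score": 0, "categories": set(), "hits": []})
    for host, parent, cmd in events:
        matches = match_event(cmd)
        if not matches:
            continue
        entry = totals[host]
        entry["hits"].append((parent, cmd))
        for cat, weight in matches:
            entry["score"] += weight
            entry["categories"].add(cat)
    return dict(totals)


def hosts_to_escalate(events, min_score=3):
    """Hosts whose accumulated score reaches the (assumed) escalation threshold."""
    summary = score_hosts(events)
    return sorted(host for host, entry in summary.items() if entry["score"] >= min_score)


if __name__ == "__main__":
    for host, entry in sorted(score_hosts(SAMPLE_EVENTS).items()):
        print(host, entry["score"], sorted(entry["categories"]))
        for parent, cmd in entry["hits"]:
            print("   ", parent, "->", cmd)
    print("escalate:", hosts_to_escalate(SAMPLE_EVENTS))
```

Run against the constructed events, dc01 is escalated because a credential dump is followed by an archive job on the same host, and fs02 because of the port proxy alone; ws03's process listing scores too low by itself. Real deployments would feed this from an EDR or Sysmon process-creation stream and tune the weights to the environment's normal administrative activity.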
The malware has not been used for attacks, but the web shell-based approach could be used to damage infrastructure. Microsoft and the NSA are releasing information that could help potential victims detect and remove Volt Typhoon’s presence, but warn that fending off the intrusions could be “difficult” because it requires closing or changing the affected accounts.
US officials speaking to The New York Times believe the Guam infiltration is part of a larger Chinese intelligence-gathering effort that includes the reported spy balloon that floated over US nuclear sites earlier this year. Guam is of concern because it is home to Andersen Air Force Base, a major station that would likely be used for any US response to a Chinese invasion of Taiwan. It is also a key hub for ships in the Pacific.
The Biden administration has stepped up efforts to protect critical infrastructure, including plans for common security requirements. The United States has been plagued by multiple attacks on vital systems in recent years, including gas pipelines and meat suppliers. The discovery of Volt Typhoon underscores the importance of stronger defenses – malware like this could compromise the US military at a crucial time.