Wednesday, May 31, 2023

Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target?

While the Federal Bureau of Investigation was examining equipment recovered from the wreckage of a Chinese spy balloon that crashed off the coast of South Carolina in February, U.S. intelligence agencies and Microsoft discovered what they believed to be a more worrisome intrusion: mysterious computer code that is popping up in telecommunications systems on Guam and elsewhere in the United States.

The code, which Microsoft said was installed by a Chinese government hacking group, raised alarm bells because Guam, with its Pacific ports and vast U.S. air base, will be central to any US military response to an attack on or blockade of Taiwan. It was installed stealthily, sometimes bypassing routers and other common consumer devices connected to the Internet, to make intrusions difficult to track.

But unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft and the National Security Agency were scheduled Wednesday to publish details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it.

The code is called a “webshell,” in this case a malicious script that enables remote access to the server. Home routers are particularly vulnerable, especially older models that lack updated software and protections.

Microsoft called the hacking group “Volt Typhoon” and said it was part of a state-sponsored Chinese effort to target not only critical infrastructure such as communications, electricity and gas facilities, but also maritime operations and transportation. The intrusions, for now, appeared to be spying campaigns. But the Chinese could use the code, which is designed to pierce firewalls, to enable devastating attacks if they wanted to.

Microsoft says there is no evidence so far that the Chinese group has used the access for any offensive attacks. Unlike Russian groups, Chinese intelligence and military hackers generally prefer espionage.

In interviews, administration officials said they believed the code was part of a broader Chinese intelligence-gathering effort covering cyberspace, outer space and, as the Americans discovered in the balloon incident, the lower atmosphere.

The Biden administration has declined to discuss what the FBI found during its examination of the material recovered from the balloon. But the craft — better described as a large air vehicle — apparently contained special radar and communications interception equipment that the FBI has been testing since the balloon was shot down.

It is unclear whether the government’s silence about its balloon search is motivated by a desire to prevent the Chinese government from learning what the US has learned or to avoid a diplomatic breach following the intrusion.

On Sunday, speaking at a news conference in Hiroshima, Japan, President Biden cited how the balloon incident had paralyzed an already chilly exchange between Washington and Beijing.

“And then this stupid balloon with two freighters carrying spy equipment was flying over America,” he told reporters, “and it was shot down, and all in terms of talking to each other. Something changed.”

He predicted that relations would “begin to thaw very quickly.”

China has never acknowledged hacking into U.S. networks, even in the most egregious example: the theft, during the Obama administration, of the security clearance files of nearly 22 million Americans — including six million sets of fingerprints — from the Office of Personnel Management. The data theft took the better part of a year, and resulted in an agreement between President Barack Obama and President Xi Jinping that resulted in a slight decrease in China’s malicious cyber activity.

On Wednesday, China sent another warning to its companies to beware of US hacking. And there’s more: Documents released by Edward Snowden, a former NSA contractor, contained evidence of U.S. efforts to hack into Chinese telecommunications giant Huawei, military and leadership targets.

Telecommunications networks are key targets for hackers, and Guam’s system is particularly important to China because military communications often piggyback on commercial networks.

Tom Burt, the executive who oversees Microsoft’s threat intelligence unit, said in an interview that the company’s analysts — many of whom are veterans of the National Security Agency and other intelligence agencies — found the code while “investigating interference activity affecting the U.S. port.” When they traced the intrusion, they found other networks that had been hit, “including some in the telecommunications sector in Guam.”

Microsoft plans to publish a blog post on Wednesday with detailed hints about the code, to allow operators of critical infrastructure to take precautionary measures.

In a related announcement, the NSA is expected to publish a technical report on the widespread Chinese intrusion into US critical infrastructure. The US report is not expected to directly reference the Guam incident reported by Microsoft, but it will describe a wider range of threats of Chinese origin.

The Biden administration is racing to implement newly created minimum cybersecurity standards for critical infrastructure. After the Russian ransomware attack on Colonial Pipeline in 2021, which resulted in disruptions to the flow of gasoline, diesel and jet fuel on the East Coast, the administration has used officials from the Transportation Security Administration — which regulates pipelines — to compel private-sector utilities to comply with a series of cybersecurity mandates.

A similar process is now underway for water supplies, airports and soon hospitals, all of which have been targeted by hackers in recent days.

The National Security Agency’s report is part of a relatively new initiative by the US government to rapidly publish such data in hopes of exposing Chinese operations. In years past, the United States generally withheld such information — sometimes classifying it — and shared it with only a select few companies or organizations. But that almost always ensured that hackers could stay ahead of the government.

In this case, it was the focus on Guam that particularly caught the attention of officials assessing China’s capabilities and willingness to attack or strangle Taiwan. Mr Xi has ordered the People’s Liberation Army to be able to capture the island by 2027. But CIA Director William J. Burns noted to Congress that the order “does not mean he has decided to attack.”

In dozens of U.S. tabletop exercises conducted in recent years to map out what such an attack might look like, one of China’s first anticipated moves is to disrupt U.S. communications and slow the U.S.’s ability to respond. The exercises therefore envision attacks on satellite and ground communications, particularly around US installations where military assets will be mobilized.

None is bigger than Guam, where Andersen Air Force Base will be the launching point for many Air Force missions to help defend the island, and where a naval port is vital for U.S. submarines.


