Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target?
Last edited Wed May 24, 2023, 08:05 PM
Source: New York Times
Around the time that the F.B.I. was examining the equipment recovered from the Chinese spy balloon shot down off the South Carolina coast in February, American intelligence agencies and Microsoft detected what they feared was a more worrisome intruder: mysterious computer code appearing in telecommunications systems in Guam and elsewhere in the United States.
The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. The operation was conducted with great stealth, sometimes flowing through home routers and other common internet-connected consumer devices, to make the intrusion harder to track. The code is called a web shell, in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections.
Unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft on Wednesday published details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. In a coordinated release, the National Security Agency along with other domestic agencies and counterparts in Australia, Britain, New Zealand and Canada published a 24-page advisory that referred to Microsoft's finding and offered broader warnings about a recently discovered cluster of activity from China.
Microsoft called the hacking group Volt Typhoon and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.
Read more: https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html
They have been getting hit with a Typhoon at the moment.
Link to NSA Advisory (PDF, in coordination with Australia, Britain, New Zealand and Canada) - https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Article updated.
Original article -
The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. It was installed with great stealth, sometimes flowing through routers and other common internet-connected consumer devices, to make the intrusion harder to track.
But unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft and the National Security Agency were set on Wednesday to publish details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. The code is called a web shell, in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections.
Microsoft called the hacking group Volt Typhoon and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.
Tetrachloride (7,914 posts)
Upthevibe (8,115 posts)
Alexander Of Assyria (7,839 posts)
Did pirouettes around sensitive nuclear sites
is pure fiction
shameful propaganda..
yet again
how easy it is if determined,
BumRushDaShow (130,122 posts)
and retransmitting comm signals - https://www.nbcnews.com/politics/national-security/china-spy-balloon-collected-intelligence-us-military-bases-rcna77155
I know the military (and other spy orgs) have satellites in orbit that get communicated to and that can transmit to other locations. I even remember when the Atlantis space shuttle would do "classified" missions to launch stuff like that - https://www.smithsonianmag.com/air-space-magazine/secret-space-shuttles-35318554/
Alexander Of Assyria (7,839 posts)
And isn't this an opinion piece?
BumRushDaShow (130,122 posts)
then that means it's "classified".
Why would they go around spouting sordid details to the media about vulnerabilities?
Alexander Of Assyria (7,839 posts)
Classified and national security
terms stretched beyond all meaning by the government that is the Pentagon.
Isn't this an opinion piece?
BumRushDaShow (130,122 posts)
We have an "Agent Mike" around these parts.