
BumRushDaShow

(130,122 posts)
Wed May 24, 2023, 03:33 PM

Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target?

Last edited Wed May 24, 2023, 08:05 PM

Source: New York Times

Around the time that the F.B.I. was examining the equipment recovered from the Chinese spy balloon shot down off the South Carolina coast in February, American intelligence agencies and Microsoft detected what they feared was a more worrisome intruder: mysterious computer code appearing in telecommunications systems in Guam and elsewhere in the United States.

The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. The operation was conducted with great stealth, sometimes flowing through home routers and other common internet-connected consumer devices, to make the intrusion harder to track. The code is called a “web shell,” in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections.

Unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft on Wednesday published details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. In a coordinated release, the National Security Agency — along with other domestic agencies and counterparts in Australia, Britain, New Zealand and Canada — published a 24-page advisory that referred to Microsoft’s finding and offered broader warnings about a “recently discovered cluster of activity” from China.

Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.

Read more: https://www.nytimes.com/2023/05/24/us/politics/china-guam-malware-cyber-microsoft.html



They have been getting hit with a Typhoon at the moment.

Link to NSA Advisory (PDF, in coordination with Australia, Britain, New Zealand and Canada) - https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF


Article updated.

Original article -

Around the time that the Federal Bureau of Investigation was examining the equipment recovered from the wreckage of the Chinese spy balloon shot down off the South Carolina coast in February, American intelligence agencies and Microsoft detected what they feared was a more worrisome intruder: mysterious computer code that has been popping up in telecommunications systems in Guam and elsewhere in the United States.

The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. It was installed with great stealth, sometimes flowing through routers and other common internet-connected consumer devices, to make the intrusion harder to track.

But unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft and the National Security Agency were set on Wednesday to publish details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it. The code is called a “web shell,” in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections.

Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.
Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target? (Original Post) BumRushDaShow May 2023 OP
China is like Russia. Chaos, confusion, money in the name of Chinese tradition Tetrachloride May 2023 #1
Kick. n/t Upthevibe May 2023 #2
Anyone know what the results of examination of The Balloon was? Mystery? Alexander Of Assyria May 2023 #3
It was apparently intercepting, monitoring BumRushDaShow May 2023 #4
3 anonymous officials? Why anonymous? Where's the evidence, not the double hearsay? Alexander Of Assyria May 2023 #5
When something is "classified" BumRushDaShow May 2023 #6
Not even a picture of the camera being used?? It's illogical and mysterious for only one reason. Alexander Of Assyria May 2023 #7
You do need to be careful methinks BumRushDaShow May 2023 #8
 

Alexander Of Assyria

(7,839 posts)
3. Anyone know what the results of examination of The Balloon was? Mystery?
Wed May 24, 2023, 06:30 PM

Did pirouettes around sensitive nuclear sites…is pure fiction…shameful propaganda..
…yet again…how easy it is if determined,

BumRushDaShow

(130,122 posts)
4. It was apparently intercepting, monitoring
Wed May 24, 2023, 06:45 PM

and retransmitting comm signals - https://www.nbcnews.com/politics/national-security/china-spy-balloon-collected-intelligence-us-military-bases-rcna77155

I know the military (and other spy orgs) have satellites in orbit that get communicated to and that can transmit to other locations. I even remember when the Atlantis space shuttle would do "classified" missions to launch stuff like that - https://www.smithsonianmag.com/air-space-magazine/secret-space-shuttles-35318554/

 

Alexander Of Assyria

(7,839 posts)
5. 3 anonymous officials? Why anonymous? Where's the evidence, not the double hearsay?
Wed May 24, 2023, 07:11 PM

And isn’t this an opinion piece?

BumRushDaShow

(130,122 posts)
6. When something is "classified"
Wed May 24, 2023, 07:15 PM

then that means it's "classified".

Why would they go around spouting sordid details to the media about vulnerabilities?

 

Alexander Of Assyria

(7,839 posts)
7. Not even a picture of the camera being used?? It's illogical and mysterious for only one reason.
Wed May 24, 2023, 07:18 PM

Classified and national security…terms stretched beyond all meaning by the government that is the Pentagon.

Isn’t this an opinion piece?
