Microsoft says China installed malware in US

Akash Arjun

Global Courant 2023-05-25 00:58:05

China may have engaged in digital espionage against US interests in the Pacific. Microsoft and the National Security Agency (NSA) revealed that an alleged state-sponsored Chinese hacking group, Volt Typhoon, installed surveillance malware in “critical” systems on the island of Guam and elsewhere in the US. The group has been operating since mid-2021 and has reportedly compromised government organizations as well as communications, manufacturing, education and other sectors.

Volt Typhoon prioritizes stealth, according to the researchers. It uses “living off the land” techniques that rely on resources already in the operating system, as well as direct “hands-on-keyboard” action. The group uses the command line to scrape credentials and other data, archive the information and use it to remain in targeted systems. It also tries to mask its activity by sending data traffic through small office and home office networking hardware it controls, such as routers. Custom tools help it establish a command and control channel through a proxy that keeps its information secret.

The malware has not been used for attacks, but its web-shell approach can be used to damage infrastructure. Microsoft and the NSA are publishing information that could help potential victims track down and remove Volt Typhoon’s work, but they warn that fighting off intruders can be “challenging” as it requires closing or changing affected accounts.

US officials speaking to The New York Times believe the Guam infiltration is part of a larger Chinese intelligence-gathering system, including the reported spy balloon hovering over US nuclear sites early this year. The focus on Guam is concerning because it is home to Andersen Air Force Base, a key station that would likely be used for any U.S. response to a Chinese invasion of Taiwan. It is also an important hub for Pacific ships.

The Biden administration has ramped up efforts to protect critical infrastructure, including plans for common safety requirements. The US has fallen prey to multiple attacks on vital systems in recent years, including gas pipes and meat suppliers. The discovery of Volt Typhoon underlines the importance of tougher defenses: malware like this could endanger the US military at a critical time.
