[ad_1]
Around the time the FBI was examining equipment recovered from a Chinese spy balloon shot down off the coast of South Carolina in February, American intelligence agencies and Microsoft detected what they feared was an even more worrisome intruder: mysterious computer code that appeared on telecommunications systems in Guam. and elsewhere in the United States.
The code, which Microsoft says was installed by a group of Chinese government hackers, has raised alarm because Guam, with its Pacific ports and vast American air bases, would be at the center of an American military response to an invasion or blockade of Taiwan. The operation is carried out with great stealth, sometimes flowing through home routers and common consumer devices connected to the internet, making the interference more difficult to track.
The code is called a “web shell,” in this case a malicious script that allows remote access to the server. Home routers are especially vulnerable, especially older models that don’t have updated software and protections.
Unlike the balloons that captivate Americans as they pirouette over sensitive nuclear sites, computer code cannot be shot on live television. So, Microsoft on Wednesday published details of the code that will allow enterprise users, manufacturers and others to detect and remove them. In a coordinated release, the National Security Agency – along with domestic agencies and other partners in Australia, the United Kingdom, New Zealand and Canada – published a 24-page advisory that shows Microsoft’s findings and gives more warning about “clusters of activity that have recently been discovered.” China.
Microsoft called the hacking group “Volt Typhoon” and said it was part of a state-sponsored Chinese effort targeting not only critical infrastructure such as communications, electricity and gas utilities, but also operations and maritime transport. The intrusion appears, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to penetrate firewalls, to mount a devastating attack, if they chose.
So far, Microsoft said, there is no evidence that the Chinese group has used access for offensive attacks. Unlike Russian groups, Chinese intelligence and military hackers usually prioritize espionage.
In interviews, administration officials said they believed the code was part of China’s massive intelligence-gathering efforts in cyberspace, outer space and, as the Americans discovered with the balloon incident, the lower atmosphere.
The Biden administration has declined to discuss what the FBI found when it examined the equipment recovered from the balloon. But the craft — better described as an enormous aerial vehicle — includes special radar and communications interception devices that the FBI has been scrutinizing since the balloon was shot down.
It is unclear whether the government’s silence on the balloon’s findings was motivated by a desire to keep the Chinese government from knowing what the United States had learned or to deal with the diplomatic fallout that followed the attack.
On Sunday, speaking at a press conference in Hiroshima, Japan, President Biden mentioned how the balloon incident has paralyzed the exchange has been frosty between Washington and Beijing.
“Then this ridiculous balloon that carried the spying equipment of two freight cars in the United States,” he told reporters, “and shot down, and everything changed about talking to each other.”
He predicted that the relationship would “start very quickly.”
China has never acknowledged hacking into American networks, even in its biggest example: the theft of security clearance files of about 22 million Americans — including six million sets of fingerprints — from the Office of Personnel Management during the Obama administration. The exfiltration of the data took the better part of a year, and resulted in an agreement between President Barack Obama and President Xi Jinping that led to a reduction in China’s nefarious cyber activities.
On Wednesday, China sent a warning to companies to be wary of American hacking. And there is more: In the documents released by Edward Snowden, a former NSA contractor, there is evidence of American attempts to hack into the systems of Huawei, the Chinese telecommunications giant, and military and leadership targets.
Telecommunications networks are a prime target for hackers, and systems in Guam are particularly important to China because military communications often overwhelm commercial networks.
Tom Burt, an executive who oversees Microsoft’s threat intelligence unit, said the company’s analysts – many of whom are veterans of the National Security Agency and other intelligence agencies – discovered the code “while investigating intrusion activity affecting US ports.” While tracing the outage, he found other networks affected, “including some in the telecommunications sector in Guam.”
Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said that secretive efforts “like the activities presented today are part of our focus on the security of telecommunications networks and the urgency of using trusted vendors” whose equipment has been specified. cyber security standards.
Mrs. Neuberger has been spearheading efforts across the federal government to implement new cybersecurity standards for critical infrastructure. Officials were shocked by the vulnerability in the infrastructure when a Russian ransomware attack on the Colonial Pipeline in 2021 disrupted the flow of gasoline, diesel and jet fuel on the East Coast. After the attack, the Biden administration used the power of the Transportation Security Administration — which regulates pipelines — to force private-sector utilities to follow a series of cybersecurity mandates.
Now Ms. Neuberger is driving what he calls a “relentless focus on improving the cybersecurity of pipelines, rail systems, water systems and other critical services,” including a mandate on cybersecurity practices for the sector and closer collaboration with companies with “unique visibility.” ” is a threat to that infrastructure.
These companies include Microsoft, Google, Amazon, and many telecommunications companies that can see their activity on their domestic networks. Intelligence agencies, including the NSA, are prohibited by law from operating in the United States. But the NSA is allowed to issue warnings, as it did Wednesday, along with the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Administration.
The agency’s report is part of a relatively recent move by the U.S. government to release such data as quickly as possible in hopes of igniting operations similar to those of the Chinese government. In past years, the United States has typically withheld such information — sometimes classified — and shared it with only a select few companies or organizations. But it almost always guarantees that hackers can stay ahead of the government.
In this case, the focus on Guam has particularly drawn the attention of officials assessing China’s ability — and willingness — to attack or annex Taiwan. Mr. Xi has ordered the People’s Liberation Army to retake the island by 2027. But the CIA director, William J. Burns, has noted to Congress that the order “does not mean that he has decided to carry out an invasion.”
In dozens of US tabletop exercises conducted in recent years to map out the attack, one of the first steps China anticipated was to cut off American communications and slow the United States’ ability to respond. So the exercise represents an attack on satellite and ground communications, especially around American installations where military assets will be mobilized.
None is bigger than Guam, where Andersen Air Force Base will be the launch point for many Air Force missions to defend the island, and a vital Navy port for American submarines.
[ad_2]
Source link