Unlike the attention-grabbing Chinese spy balloon, which drew sensationalized media coverage earlier this year, this recently uncovered espionage incident is causing even greater alarm among authorities.

As millions of Americans watched the dramatic shoot-down of the spy balloon, which was reportedly equipped with surveillance equipment and believed to be part of China’s intelligence-gathering program, US intelligence agencies and tech giant Microsoft found unknown computer code stealthily traversing telecommunication systems in Guam. It also appears to be weaving through other network locations across the state.

Microsoft released a detailed report last week, determining that a hacking group associated with the Chinese government installed the mysterious code to target American critical infrastructure organizations, which has prompted significant concern.

The report attributed the cyberattack to a group called “Volt Typhoon,” a known state-sponsored Chinese hacking group that generally focuses on espionage and information gathering. Based on the tech giant’s assessment, the group appears to be pursuing the capability to “disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Microsoft uncovered the code in question and identified it as a “web shell,” a malicious script that gives an attacker unauthorized remote access to a server through its web application.
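Because a web shell is just a script file dropped into a web root, one routine defensive check is to scan the web root for server-side scripts that pass request parameters straight into code or command execution. The following is an added illustration written for this article, not code from Microsoft or from its report; the indicator patterns, the file extensions and the sample files are all constructed assumptions, and a real deployment would pair such a scan with file-integrity monitoring and web server logs rather than rely on it alone.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristic indicators of web-shell behaviour: request-controlled input flowing
# into an evaluator or process launcher. Generic patterns (assumption), not
# signatures taken from any vendor report.
INDICATORS = [
    # PHP: eval/system/exec/passthru/shell_exec fed directly from request data
    re.compile(r"\b(eval|system|exec|passthru|shell_exec)\s*\(\s*"
               r"(base64_decode\s*\(\s*)?\$_(GET|POST|REQUEST|COOKIE)\b"),
    # ASP.NET: a Request value handed to Process.Start or Eval
    re.compile(r"Process\.Start\s*\([^)]*Request\s*(\[|\.(Form|QueryString))"),
    re.compile(r"\bEval\s*\(\s*Request\s*(\[|\.(Form|QueryString))"),
    # JSP: Runtime.exec built from a request parameter
    re.compile(r"Runtime\.getRuntime\(\)\.exec\s*\([^)]*request\.getParameter"),
]

# Only server-side script types are worth scanning; images, CSS etc. are skipped.
WEB_EXTENSIONS = {".php", ".aspx", ".asp", ".ashx", ".jsp", ".jspx"}


def scan_text(text):
    """Return a list of (line_number, matched_pattern) hits for one file's contents."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for pat in INDICATORS:
            if pat.search(line):
                hits.append((lineno, pat.pattern))
    return hits


def scan_file(path):
    """Read one file (tolerating bad encodings) and scan it."""
    try:
        return scan_text(Path(path).read_text(errors="replace"))
    except OSError:
        return []


def scan_webroot(root):
    """Walk a web root and return {relative_path: hits} for files with indicator hits.

    Paths are normalised to forward slashes so results compare the same on any OS.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() not in WEB_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = hits
    return findings


# Constructed sample web root: one benign page, two shell-like scripts, one image.
SAMPLE_FILES = {
    "index.php": "<?php echo 'hello'; ?>\n",
    "images/cache.php": "<?php @eval($_POST['x']); ?>\n",
    "admin/run.aspx": '<% System.Diagnostics.Process.Start("cmd.exe", Request["c"]); %>\n',
    "static/logo.png": "\x89PNG not a script, never scanned\n",
}


def demo():
    """Materialise the constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(content, encoding="utf-8")
        return scan_webroot(root)


if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        for lineno, pattern in hits:
            print(f"{path}:{lineno}: matches {pattern}")
```

The scan deliberately reports the file and line rather than deleting anything: a hit is a lead for an investigator to confirm against deployment records and access logs, since legitimate administration scripts can trip the same patterns.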

[Figure: Volt Typhoon attack diagram according to Microsoft report (Screenshot via Microsoft)]

Reporting on the findings, The New York Times explained that the stealthy code can often infiltrate home routers and other commonly used internet-connected consumer devices, particularly older models that remain vulnerable because they no longer receive software and security updates.

Unlike the spy balloon, which could be seen from hundreds of miles away, the malicious script is not easily visible and is especially hard for non-technical users to trace. Even expert investigators had to work through a complex tracking process to uncover it because of the additional layer of concealment it carries.

Besides major network infrastructure, the malicious code is also capable of moving through ordinary communication grids, such as those of electric and gas utilities, which could interfere with maritime operations and transportation systems, the NYT said.