Unlike the Chinese spy balloon, which drew sensational media coverage earlier this year, this recently uncovered espionage incident is causing even greater alarm among authorities.

While millions of Americans watched the dramatic shootdown of the spy balloon, which was reportedly equipped with surveillance gear and believed to be part of China’s intelligence-gathering program, US intelligence agencies and Microsoft found unknown computer code stealthily traversing telecommunication systems in Guam. It also appears to have spread to other networks elsewhere in the United States.

Microsoft released a detailed report last week concluding that a hacking group associated with the Chinese government installed the code to target American critical infrastructure organizations, a finding that has caused significant concern.

The report attributes the campaign to a group called “Volt Typhoon,” a known Chinese state-sponsored actor that generally focuses on espionage and information gathering. Microsoft assesses with moderate confidence that the group is pursuing the capability to “disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Microsoft identified the code in question as a “web shell”: a malicious script planted on a compromised web server that lets the attacker run commands on that server remotely through ordinary HTTP requests.
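To make the “web shell” label concrete, the following is an added example (written for this article, not code from Microsoft’s report or from Volt Typhoon’s toolkit) of the defining trait a web shell has and of a simple scanner that looks for it. The defining trait is attacker-controlled request input (such as `$_GET` or `$_REQUEST` in PHP) flowing into a command or code execution call (`system`, `eval`, and similar). The sample files, the indicator patterns, and the `score_file` / `scan_webroot` / `demo` helpers are all constructed here for illustration; the scanner also base64-decodes string literals so that a lightly obfuscated shell is still caught.

```python
"""Scan a web root for web-shell indicators: request input reaching an exec sink.

Added example for this article; the heuristics below are illustrative, not a
reproduction of any vendor's detection logic.
"""
import base64
import re
import tempfile
from pathlib import Path

# Attacker-controlled input sources in PHP (constructed indicator list).
INPUT_SOURCES = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[|php://input|getallheaders\s*\("
# Command / code execution sinks (constructed indicator list).
EXEC_SINKS = r"\b(?:eval|system|exec|shell_exec|passthru|popen|proc_open|assert)\s*\("
# Common obfuscation wrappers seen around shell payloads.
OBFUSCATION = r"\b(?:base64_decode|gzinflate|str_rot13)\s*\("
# A base64 string literal passed straight to base64_decode(); we decode and rescan it.
B64_LITERAL = r"""base64_decode\s*\(\s*['"]([A-Za-z0-9+/=]+)['"]\s*\)"""

# Constructed sample files. The "shell" samples are the textbook one-liners,
# included only so the scanner has something realistic to flag.
BENIGN_PAGE = "<?php echo 'Welcome, ' . htmlspecialchars($_GET['name']); ?>"
PLAIN_SHELL = "<?php if (isset($_REQUEST['cmd'])) { system($_REQUEST['cmd']); } ?>"
ENCODED_SHELL = "<?php eval(base64_decode('c3lzdGVtKCRfR0VUWyJjIl0pOw==')); ?>"


def decoded_payloads(text: str) -> list:
    """Return the plaintext of every base64 literal handed to base64_decode()."""
    out = []
    for lit in re.findall(B64_LITERAL, text):
        try:
            out.append(base64.b64decode(lit, validate=True).decode("utf-8", "replace"))
        except ValueError:
            pass  # not valid base64; ignore
    return out


def score_file(text: str) -> dict:
    """Count indicator hits in a file (plus its decoded payloads) and give a verdict."""
    combined = text + "\n" + "\n".join(decoded_payloads(text))
    hits = {
        "input_sources": len(re.findall(INPUT_SOURCES, combined)),
        "exec_sinks": len(re.findall(EXEC_SINKS, combined)),
        "obfuscation": len(re.findall(OBFUSCATION, text)),
    }
    # A web shell is, at minimum, request input reaching an execution sink.
    # Input alone (the benign page) or a sink alone (a cron wrapper) is not enough.
    hits["suspicious"] = hits["input_sources"] > 0 and hits["exec_sinks"] > 0
    return hits


def scan_webroot(root: Path, exts=(".php", ".phtml", ".php5")) -> list:
    """Walk the web root and return (relative_path, hits) for each suspicious file."""
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            result = score_file(path.read_text(errors="replace"))
            if result["suspicious"]:
                findings.append((str(path.relative_to(root)), result))
    return findings


def demo() -> list:
    """Build a throwaway web root from the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text(BENIGN_PAGE)
        (root / "cmd.php").write_text(PLAIN_SHELL)
        (root / "img.php").write_text(ENCODED_SHELL)  # shell hiding behind an innocent name
        return scan_webroot(root)


if __name__ == "__main__":
    for name, hits in demo():
        print(f"{name}: {hits}")
```

The benign page is not flagged even though it reads `$_GET`, because the input never reaches an execution sink; both shells are flagged, the encoded one only because the base64 literal is decoded and rescanned. In practice a scan like this is one signal among several (file integrity monitoring of the web root, web server logs showing POSTs to files that should never receive them, and process trees where the web server spawns a shell), and a scanner that only matches literal patterns will miss shells that assemble their sink names at runtime.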

Volt Typhoon attack diagram according to Microsoft’s report (Screenshot via Microsoft)

Reporting on the findings, The New York Times explained that the intrusion often routes through home routers and other commonly used internet-connected consumer devices, particularly older models that no longer receive software and security updates and so remain vulnerable.

Unlike the spy balloon, which could be seen from the ground, the malicious script is not easily visible and is especially hard for non-technical users to trace. Even expert investigators had to work through a complex tracking process to uncover it, because the activity is designed to blend into legitimate network traffic and ordinary administrative tools.

Beyond major network infrastructure, NYT said, the malicious code has also reached other sectors, such as electric and gas utilities, and could interfere with maritime operations and transportation systems.

What’s So Alarming About It?

As mentioned, cybersecurity experts detected the malicious script moving through critical telecommunication systems in Guam, a strategically important territory that hosts major US naval and air bases, including some of the largest ports in the Pacific. These installations would play a substantial role in any American military response to a Chinese invasion or blockade of Taiwan, which makes them an attractive target.

Although the intrusion so far appears focused on espionage, investigators have identified the code’s potential to bypass firewalls, which raises the prospect of destructive cyberattacks.

In its basic definition, a firewall is a security tool that helps keep a computer or network safe from threats on the open Internet. It acts as a digital barrier, hence the name, that monitors and controls incoming and outgoing traffic according to a set of rules, much as border patrols inspect who crosses a border. The catch with a web shell is that its traffic looks like ordinary web requests to a server the firewall has already been told to allow, so a firewall that only checks addresses and ports has little to object to.

An aerial view of US Naval Base Guam taken in 2018. (Image source: DVIDS)

According to the report, if the hackers chose to use it that way, this web shell could cross that digital security border without being caught. That ability, combined with the “great stealth” the report attributes to the malicious script, would let the attackers move freely through network infrastructure and siphon off sensitive data while investigators are still working through the complexities of tracking it, with potentially devastating consequences.

While Microsoft has so far found no evidence that the Chinese hacking group has used its access for offensive attacks, the incident should be taken as a warning to adopt the necessary preventive measures.

China and Its Spy Agenda

As China continues to pursue its expansionist ambitions, its surveillance and espionage activities have grown more significant in recent years, with several high-profile incidents raising concern among Americans.

According to an earlier Center for Strategic & International Studies (CSIS) report, hacking is China’s preferred mode of espionage, accounting for a substantial share of incidents over the last ten years.

These efforts have targeted private and government entities across the country and in various domains; recent cases include the arrest of a Chinese national accused of stealing trade secrets in 2017, the expulsion of Chinese diplomats in 2019 over alleged espionage, and, of course, the Chinese spy balloon that entered US airspace in February 2023.

Aside from cyber espionage, China has also used conventional and unconventional methods to carry out its spy agenda in the US, which has usually not escalated to offensive cyberattacks. But with tensions rising over Taiwan, that threat is becoming more plausible.
