This premium article is exclusive to SOFREP+ Subscribers - Thank you for your support.
Stock photo
Unlike the attention-grabbing Chinese spy balloon, which garnered sensationalized media coverage earlier this year, this recently uncovered espionage incident is causing even greater alarm among authorities.
As millions of American watch the dramatic shot down of the spy balloon that was reportedly equipped with surveillance and believed to be an equipment part of China’s intelligence-gathering program, US Intelligence agencies and tech giant Microsoft found an unknown computer code stealthily traversing over telecommunication systems in Guam. It also appears to be weaving through other network locations across the state.
Microsoft released a detailed report last week, determining that a hacking group associated with the Chinese government installed the mysterious code that aimed to target American critical infrastructure organizations, subsequently causing significant concern.
The report noted that a group called “Volt Typhoon” is responsible for the cyberattack, a known state-sponsored Chinese hacker that generally focuses on espionage and information-gathering initiatives. Based on the assessment of the tech giant, the group appears to be pursuing a potential to “disrupt critical communications infrastructure between the United States and Asia region during future crises.”
Microsoft uncovered the code in question, identifying it as a “web shell,” a malicious script enabling unauthorized remote server access.
Volt Typhoon attack diagram according to Microsoft report (Screenshot via Microsoft)
Reporting on the findings, The New York Timesexplained that the installed stealthy code can often infiltrate home routers and other commonly used internet-connected consumer devices, particularly older models susceptible to such vulnerabilities due to the lack of software and security update.
Compared to the spy balloon that can be seen even from hundreds of miles away, the malicious script is not easily visible and is especially hard to be traced by non-technical users. Even investigators who are experts in the field have gone through the complexities of the tracking process to uncover it due to the additional layer it possesses.
Besides major network infrastructures, the malicious code is also capable of going through regular communication grids, such as electric and gas utilities, that could interfere with maritime operations and transportation systems, NYT said.
Unlike the attention-grabbing Chinese spy balloon, which garnered sensationalized media coverage earlier this year, this recently uncovered espionage incident is causing even greater alarm among authorities.
As millions of American watch the dramatic shot down of the spy balloon that was reportedly equipped with surveillance and believed to be an equipment part of China’s intelligence-gathering program, US Intelligence agencies and tech giant Microsoft found an unknown computer code stealthily traversing over telecommunication systems in Guam. It also appears to be weaving through other network locations across the state.
Microsoft released a detailed report last week, determining that a hacking group associated with the Chinese government installed the mysterious code that aimed to target American critical infrastructure organizations, subsequently causing significant concern.
The report noted that a group called “Volt Typhoon” is responsible for the cyberattack, a known state-sponsored Chinese hacker that generally focuses on espionage and information-gathering initiatives. Based on the assessment of the tech giant, the group appears to be pursuing a potential to “disrupt critical communications infrastructure between the United States and Asia region during future crises.”
Microsoft uncovered the code in question, identifying it as a “web shell,” a malicious script enabling unauthorized remote server access.
Volt Typhoon attack diagram according to Microsoft report (Screenshot via Microsoft)
Reporting on the findings, The New York Timesexplained that the installed stealthy code can often infiltrate home routers and other commonly used internet-connected consumer devices, particularly older models susceptible to such vulnerabilities due to the lack of software and security update.
Compared to the spy balloon that can be seen even from hundreds of miles away, the malicious script is not easily visible and is especially hard to be traced by non-technical users. Even investigators who are experts in the field have gone through the complexities of the tracking process to uncover it due to the additional layer it possesses.
Besides major network infrastructures, the malicious code is also capable of going through regular communication grids, such as electric and gas utilities, that could interfere with maritime operations and transportation systems, NYT said.
What’s So Alarming About It?
As mentioned, cybersecurity experts have detected the malicious script weaving through critical telecommunication systems in Guam, a strategically important location where most significant US harbors and air bases, including the largest Pacific ports. These installations would play a substantial role in any potential American military response to China’s invasion or blockade of Taiwan, thus making it an ideal target.
Although the recent intrusion primarily focuses on espionage, investigators have identified the code’s potential to bypass firewalls, raising the probability of destructive cyberattacks.
In its basic definition, a firewall is a security tool that helps keep a user’s computer or network safe from potential threats from the wild west web, known as the Internet. It acts as a digital barrier, thus the name, that also monitors and controls the incoming and outgoing traffic like border patrols.
An aerial view of US Naval Base Guam taken in 2018. (Image source: DVIDS)
According to the report, if the hackers intended it to be, this so-called web shell could infiltrate and go over the digital security border without getting caught. The ability to bypass, combined with the identified “great stealth” quality of the malicious script, could run amuck around network infrastructure and siphon sensitive data as investigators take time weaving through the complexities of the tracking process. As a result, it causes a devastating cyberattack.
While Microsoft has so far didn’t found any evidence that indicates the Chinese hacking group has employed the gained access for offensive attacks, the incident should be taken as a forewarning to adopt necessary preventive measures.
China and Its Spy Agenda
As China continued to pursue its expansionist ambition, its surveillance and espionage activities grew more significant in recent years, involving itself in several high-profile incidents that raised concerns among Americans.
According to a previous Center for Strategic & International Studies (CSIS) report, hacking is China’s favorite mode of espionage, accounting for a substantial number of incidents in the last ten years.
These initiatives have so far targeted private and government entities across the state and in various domains, with the most recent cases including but not limited to the arrest of a Chinese national accused of stealing trade secrets in 2017, the expulsion of dozens of Chinese diplomats in 2019 in retaliation for allegedly spying activities, and of course, the Chinese spy balloon that entered the US airspace in February 2023.
Aside from cyber espionage, China has also used conventional and nonconventional methods to execute its spy agenda in the US, which usually does not escalate to offensive cyberattacks. But with the tension stirring related to Taiwan, the threat is becoming more plausible.
—
Discover the alarming reality of cyberattacks and their devastating consequences on America’s vulnerable power grid in Ted Koppel’s in-depth investigative report, bringing to light the shockingly inadequate level of preparedness within the United States. Check out Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermathhere!
As someone who’s seen what happens when the truth is distorted, I know how unfair it feels when those who’ve sacrificed the most lose their voice. At SOFREP, our veteran journalists, who once fought for freedom, now fight to bring you unfiltered, real-world intel. But without your support, we risk losing this vital source of truth. By subscribing, you’re not just leveling the playing field—you’re standing with those who’ve already given so much, ensuring they continue to serve by delivering stories that matter. Every subscription means we can hire more veterans and keep their hard-earned knowledge in the fight. Don’t let their voices be silenced. Please consider subscribing now.
One team, one fight,
Brandon Webb former Navy SEAL, Bestselling Author and Editor-in-Chief
Barrett is the world leader in long-range, large-caliber, precision rifle design and manufacturing. Barrett products are used by civilians, sport shooters, law enforcement agencies, the United States military, and more than 75 State Department-approved countries around the world.
PO Box 1077 MURFREESBORO, Tennessee 37133 United States
Scrubba Wash Bag
Our ultra-portable washing machine makes your journey easier. This convenient, pocket-sized travel companion allows you to travel lighter while helping you save money, time and water.
Our roots in shooting sports started off back in 1996 with our founder and CEO, Josh Ungier. His love of airguns took hold of our company from day one and we became the first e-commerce retailer dedicated to airguns, optics, ammo, and accessories. Over the next 25 years, customers turned to us for our unmatched product selection, great advice, education, and continued support of the sport and airgun industry.
COMMENTS
There are on this article.
You must become a subscriber or login to view or post comments on this article.