Chinese malware detected in systems on Guam


This story goes back to at least February of this year, but we’re only hearing about it now. Microsoft, working with American intelligence agencies, identified some Chinese malware at an unnamed US port. Tracing backwards, they found the same state-sponsored group had inserted the malware into telecom systems in Guam.


The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. The operation was conducted with great stealth, sometimes flowing through home routers and other common internet-connected consumer devices, to make the intrusion harder to track.

The code is called a “web shell,” in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections…

Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.

Microsoft’s announcement suggested Volt Typhoon had been moving slowly and quietly through these systems for a long time.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible…

Microsoft has observed Volt Typhoon discovering system information, including file system types; drive names, size, and free space; running processes; and open networks. They also attempt to discover other systems on the compromised network using PowerShell, Windows Management Instrumentation Command-line (WMIC), and the ping command. In a small number of cases, the threat actors run system checks to determine if they are operating within a virtualized environment.


So the Chinese had access to these systems but had so far only used that access to gather information, i.e. spying. However, if Xi Jinping were to announce an invasion of Taiwan they could in theory use their access to shut down communications or create problems for utilities on Guam.

Meanwhile, China continues to bully Taiwan on the world stage. Yesterday, the island was shut out of a World Health Assembly meeting thanks to Chinese pressure.

The World Health Assembly has again rejected Taiwan’s request to join its annual gathering amid routine objections from China and despite strong support from a coalition of countries including the US, UK, France and Australia.

The assembly – the forum through which the World Health Organization is governed – on Monday decided not to extend an invitation for Taiwan to attend the 21-30 May event in Geneva as an observer. China and Pakistan spoke against the bid, while the Marshall Islands, Belize, Nauru and Eswatini – four of Taiwan’s 13 formal diplomatic allies – spoke in support…

China’s ministry of foreign affairs welcomed the WHA decision, claiming that almost 100 countries had affirmed its “one China principle” and objected to Taiwan’s inclusion…

Last week the Taiwan-based representatives of the UK, US, Australia, France, Japan, Lithuania, Canada, the Czech Republic and Germany issued a joint statement supporting Taiwan’s inclusion.


So China won this round, but it won’t change the fact that the people of Taiwan have no interest in being puppets of the Chinese Communist Party. Taiwan’s current President Tsai Ing-wen is term-limited, but there’s a good chance her successor could be even more pro-independence than she is.

President Tsai Ing-wen has to step down at the end of her second term, under constitutional limits. Her chosen successor, Lai, has been vice-president since 2019. The 63-year-old former public health expert has been in politics since 1996, including as mayor of Tainan…

He’s been described as more “green” (pro-independence) than Tsai, which had prompted some concern about whether a Lai presidency could worsen cross-strait tensions. In 2017 he described himself as a “pragmatic worker for Taiwan independence”, but has since stepped back from the stance, and is now sticking to Tsai’s more cautious formulation on Taiwan – that it is already a sovereign nation with no need to declare independence.

For the moment, China probably isn’t capable of invading Taiwan but that could change in the next few years. Whoever wins the next election will have a lot on his or her plate.
