Chinese Malware Hits Systems on Guam. Is Taiwan the Real Target?

May 24, 2023

Around the time that the Federal Bureau of Investigation was examining the equipment recovered from the wreckage of the Chinese spy balloon shot down off the South Carolina coast in February, American intelligence agencies and Microsoft detected what they feared was a more worrisome intruder: mysterious computer code that has been popping up in telecommunications systems in Guam and elsewhere in the United States.

The code, which Microsoft said was installed by a Chinese government hacking group, raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. It was installed with great stealth, sometimes flowing through routers and other common internet-connected consumer devices, to make the intrusion harder to track.

But unlike the balloon that fascinated Americans as it performed pirouettes over sensitive nuclear sites, the computer code could not be shot down on live television. So instead, Microsoft and the National Security Agency were set on Wednesday to publish details of the code that would make it possible for corporate users, manufacturers and others to detect and remove it.

The code is called a “web shell,” in this case a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models that have not had updated software and protections.

Source: The New York Times