Officials: China May Still Have Access To US Computer Networks
The island of Guam is the home of the Naval Base Guam in Santa Rita, Andersen Air Force Base in Yigo, and the Guam Army National Guard.
WASHINGTON - According to a media report, China may still have access to US networks and systems after “web shell” malware, allegedly from the Chinese state-sponsored actor Volt Typhoon, was coincidentally found in systems in Guam and other U.S.-based infrastructure around the time Super Typhoon “Mawar” rolled over Guam.
An alert released by Microsoft assessed that the hacker group is working on developing the capability to disrupt "critical communications infrastructure" between the United States and Asia during future crises.
The U.S. Government’s Joint Cybersecurity Advisory said, “One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives”.
“This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations,” the statement added.
A report by CNN cites U.S. officials as saying that the hackers might still have access to the American systems, as the officials continue to assess whether the hackers have been locked out or their access to the networks remains intact.
National Security Agency Director of Cybersecurity Rob Joyce said that the situation is “unacceptable”, as the systems the hackers sought access to would have allowed them to potentially disrupt critical infrastructure and services down the road.
The hackers targeted not only transportation and maritime agencies, manufacturing and construction firms, but also U.S. government agencies, according to the Microsoft assessment.
“We assess this is prepositioning against critical infrastructure – more broadly than just [potentially] interrupting communications,” Joyce said, adding that the National Security Agency agrees with Microsoft’s findings.
That the hackers targeted government agencies indicates a high likelihood that the malware was intended to remain dormant until a geopolitical conflict arose, at which time the malware could be activated and carry out specific directives.
Jamil N. Jaffer, founder and executive director of the National Security Institute at George Mason University’s law school, said that “There is virtually no question that, if the US were to get directly involved in a conflict with China over Taiwan, China would seek to use its cyber capabilities to ensure that US forces are less effective in combat”.
Jaffer told CNN, “Given this, the access to critical infrastructure that China is developing in Guam and elsewhere represents an important and growing risk to the ability of the US to effectively respond in the case of a conflict with China”.
Guam would be a key military outpost were there to be any kind of conflict in the Indo-Pacific and is the home of two strategic military bases: Naval Base Guam in Santa Rita and Andersen Air Force Base in Yigo. The island is also home to the Guam Army National Guard.
According to the U.S. Navy, “The island of Guam is located approximately 3,300 miles West of Hawaii, and 1,500 miles east of the Philippines and south of Japan.
Guam is a territory of the United States and its residents are US citizens. The island is about 36 miles long, and 6-12 miles wide, and in many ways, Guam is an all-American community”.
During any kind of future confrontation in the region with Beijing, it would be in China’s best interest to disrupt communications between Guam and Asia.