Microsoft recently detected malicious computer code installed by a Chinese government hacking group in telecommunications systems in Guam and elsewhere in the United States. The code, known as a “web shell”, gives an attacker remote access to a server; older routers that have not received software updates and protections are particularly vulnerable to having one installed.
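To make the term concrete, the following is an added example, not code from the article or from Microsoft's report: a small static scanner that flags files where request-supplied input reaches a code-execution function, which is the defining shape of a web shell. The sample file contents are constructed for illustration and do not represent any real Volt Typhoon artefact.

```python
"""Added example (not from the article): flag web-shell-like PHP files.

A web shell is a server-side script that runs whatever the remote caller
sends, so the heuristic below looks for request input flowing into a
code-execution or shell function. Sample contents are constructed here."""
import re

# Constructed sample files (assumptions for this example, not real artefacts).
SAMPLE_FILES = {
    "var/www/html/index.php": "<?php echo 'hello'; ?>",
    "var/www/html/uploads/img.php": "<?php @eval($_POST['cmd']); ?>",
    "var/www/html/admin/tools.php": "<?php system($_GET['c']); ?>",
    "var/www/html/contact.php": "<?php mail($to, $subject, $_POST['msg']); ?>",
}

# Places where attacker-controlled input enters a PHP script.
REQUEST_SOURCES = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\["
# Functions that turn a string into code or a shell command.
EXEC_SINKS = r"\b(?:eval|system|exec|shell_exec|passthru|popen|proc_open|assert)\b"


def classify(content: str) -> list[str]:
    """Return the reasons a file looks like a web shell (empty if none)."""
    reasons = []
    has_source = re.search(REQUEST_SOURCES, content)
    sink = re.search(EXEC_SINKS, content)
    if sink and has_source:
        reasons.append(f"request input reaches {sink.group(0)}()")
    # '@' suppresses PHP errors; dropped shells often use it to stay quiet.
    if "@eval" in content:
        reasons.append("error-suppressed eval")
    return reasons


def scan(files: dict[str, str]) -> dict[str, list[str]]:
    """Map each suspicious path to its reasons; clean files are omitted."""
    return {path: r for path, c in files.items() if (r := classify(c))}


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_FILES).items():
        print(path, "->", "; ".join(reasons))
```

The heuristic is deliberately simple: it pairs a source (request data) with a sink (execution) in the same file. Real shells obfuscate one or both, so in practice this kind of check belongs alongside file-integrity monitoring and web-server log review rather than standing alone.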
The code raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation.
The Biden administration has declined to discuss what the F.B.I. found as it examined the equipment recovered from the balloon. But the craft — better described as a huge aerial vehicle — apparently included specialized radars and communications interception devices that the F.B.I. has been examining since the balloon was shot down.
The National Security Agency, along with other domestic agencies and counterparts in Australia, Britain, New Zealand and Canada, published a 24-page advisory that referred to Microsoft’s finding and offered broader warnings about a “recently discovered cluster of activity” from China.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said that covert efforts “like the activity exposed today are part of what’s driving our focus on the security of telecom networks and the urgency to use trusted vendors” whose equipment has met established cybersecurity standards.
The code is part of a vast Chinese intelligence collection effort that spans cyberspace, outer space and the lower atmosphere. It is unclear whether the government’s silence about its finding from the balloon is motivated by a desire to keep the Chinese government from knowing what the United States has learned or to get past the diplomatic breach that followed the incursion.