By: Denise Simon | Founders Code
No worries America, President Biden is on vacation again, this time for a week. Meanwhile, it was back in May that Microsoft and Mandiant (owned by Google) reported that Volt Typhoon was inside a few power systems, either for espionage or, worse, to build the capability to disrupt them later. Presently there is no immediate threat; however, experts outside the federal government are studying the cyber language and issuing warnings.
Experts say it’s one of the largest known cyber espionage campaigns against the US.
A key US military outpost, Guam’s ports and air bases would be crucial to any Western response to a conflict in Asia. Together with the Five Eyes alliance – comprising the intelligence agencies of the US, Australia, Britain, New Zealand and Canada – Microsoft published details of the malware.
A cyberattack on Guam is equivalent to an attack on Silicon Valley. Guam, with a population of nearly 154,000, is indistinguishable from the 50 states for the purposes of defense under international and domestic law. It would also be vital to US military operations in any conflict over Taiwan. The Guam Defense System, the defense architecture surrounding Guam and the Mariana Island Chain, is the top homeland defense priority of the current commander of the US Indo-Pacific Command, Admiral John Aquilino. Guam contains the United States’ largest refueling and armament stations in the first and second island chains that provide lines of defense against China. The 2023 National Defense Authorization Act also announced $1.4 billion for defense projects in Guam, and the U.S. Marine Corps is building its first new base in 72 years there. Guam has among the highest military recruitment levels in the United States. In recognition of Guam’s military importance, China calls its DF-26 intermediate ballistic missile, which has a 2500-mile firing range, “the Guam Killer.” Source
The U.S. has three military bases (installations) in Guam.
China’s “peacetime” targeting of critical infrastructure that is used by both civilians and the US military erodes the principles of the law of war. The principle of distinction ordinarily forbids targeting civilian objects, such as civilian property and infrastructure. However, many computer networks are used for both civilian and military purposes. Such “dual use” objects may be targetable based on their nature, purpose, and use. However, combatants must still comply with the other principles of the law of war: military necessity, proportionality, and avoiding unnecessary suffering.
Microsoft has tracked a group of what it believes to be Chinese state-sponsored hackers who have since 2021 carried out a broad hacking campaign that has targeted critical infrastructure systems in US states and Guam, including communications, manufacturing, utilities, construction, and transportation.
Microsoft’s blog post offered technical details of the hackers’ intrusions that may help network defenders spot and evict them: The group, for instance, uses hacked routers, firewalls, and other network “edge” devices as proxies to launch its hacking—targeting devices that include those sold by hardware makers ASUS, Cisco, D-Link, Netgear, and Zyxel. The group also often exploits the access provided from compromised accounts of legitimate users rather than its own malware to make its activity harder to detect by appearing to be benign.
Blending in with a target’s regular network traffic in an attempt to evade detection is a hallmark of Volt Typhoon and other Chinese actors’ approach in recent years, says Marc Burnard, a senior consultant of information security research at Secureworks. Like Microsoft and Mandiant, Secureworks has been tracking the group and observing its campaigns. He added that the group has demonstrated a “relentless focus on adaption” to pursue its espionage.
US government agencies, including the National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and the Justice Department published a joint advisory about Volt Typhoon’s activity today alongside Canadian, UK, and Australian intelligence. “Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the agencies wrote. As early as 2009, US intelligence officials warned that Chinese cyberspies had penetrated the US power grid to “map” the country’s infrastructure in preparation for a potential conflict. Two years ago, CISA and the FBI also issued an advisory that China had penetrated US oil and gas pipelines between 2011 and 2013. China’s Ministry of State Security hackers have gone much further in cyberattacks against the country’s Asian neighbors, actually crossing the line of carrying out data-destroying attacks disguised as ransomware, including against Taiwan’s state-owned oil firm CPC. Source
The largely unknown amount of Chinese-made equipment within the North American grid is a threat to national security, experts warned during a Thursday congressional hearing that explored cybersecurity vulnerabilities within the electric sector.
Witnesses from the Department of Energy and the private sector testifying before the Senate Energy and Natural Resources Committee echoed a sentiment increasingly heard in Washington: that a longstanding dependence on Chinese technologies and cheap components is now an alarming national security issue for U.S. critical infrastructure.