China may have engaged in digital espionage against US Pacific interests. Microsoft and the National Security Agency (NSA) clearly A state-sponsored Chinese hacking group, Bolt Typhoon, has allegedly installed surveillance malware on “critical” systems on the island of Guam and across the United States. The group has been active since mid-2021 and has reportedly infiltrated not only government agencies but also sectors such as telecommunications, manufacturing and education.
Investigators say the Bolt Typhoon prioritizes stealth. It uses a “live off the land” technique that relies on resources already present in the operating system and direct “keyboarding” actions. They use the command line to collect credentials and other data, archive information and use it to stay on the targeted system. They also try to hide their activities by sending data traffic through small and home office network hardware they control, such as routers. Custom tools help set up command and control channels through proxies that keep information private.
Although this malware has not been used in attacks, its web shell-based approach can be used to damage infrastructure. Microsoft and the NSA have released information to help potential victims detect and remove the work of Bolt Typhoon, but affected accounts should be closed or modified, so the intrusion is not possible. It warned that it could be “difficult” to prevent.
US official busy To new york times We believe the Guam infiltration is part of a larger Chinese intelligence-gathering system that includes a reconnaissance balloon that was reported to have passed over a U.S. nuclear site earlier this year. Guam is concerned because it is home to Andersen Air Force Base, which is likely to be used in the U.S. response to China’s invasion of Taiwan. It is also an important hub for Pacific shipping.
The Biden administration is stepping up its efforts to protect critical infrastructure. General security requirements. The United States has fallen prey to multiple attacks on critical systems in recent years. gas pipeline and meat supplier. The discovery of the Bolt Typhoon highlights the importance of stronger defenses. Such malware can compromise US forces at critical moments.