Security

US govt is hunting Chinese malware that could interfere with its military operations

The US government believes that China has deployed malware in key US power and communications networks that could be activated in the event of a conflict.

American intelligence officials believe China has implanted malware in key US power and communications networks that can be used in case of conflict, reported The New York Times.

The US newspaper refers to the malware as a “ticking time bomb” that could be activated to disrupt the military.

“The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.” states The New York Times. “The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.”

American intelligence and military officials are hunting for malware that they attribute to China's People's Liberation Army and that could give China the ability to disrupt US military operations during a crisis, such as a Chinese move against Taiwan.

The officials believe the malware could be used against critical infrastructure across the US, and pointed out that attacks of this kind have a broader effect: disrupting power, communications or water supplies to a military base also hits the citizens and businesses served by the same systems.

In May, Microsoft warned that the China-linked cyber espionage group Volt Typhoon had infiltrated critical infrastructure organizations in the U.S. and Guam, and that the group's objective was to maintain access while remaining undetected for as long as possible.

According to Microsoft, the campaign aims at building capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in the event of a future crisis.

The Volt Typhoon group has been active since at least mid-2021 and has carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

The APT group relies almost exclusively on living-off-the-land techniques, that is, on the signed administration tools already present on compromised systems rather than on custom malware, combined with hands-on-keyboard activity, to evade detection.
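Living-off-the-land activity is hard to catch precisely because every binary involved is legitimate and signed, so detection has to key on how a built-in tool is invoked (its arguments, parent process and user) rather than on its presence. The following is an added illustration of that idea, not code from the article, from Microsoft or from any Volt Typhoon report; the log format, the three rules and the sample records are all constructed for this example, and the specific commands (netsh portproxy, wmic process creation, ntdsutil IFM) are my choice of well-known living-off-the-land patterns, not techniques the article attributes to the group:

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed, simplified process-creation records (not real logs).
# Format per line: user|parent_image|image_path|command_line
SAMPLE_LOG = r"""svc_backup|services.exe|C:\Windows\System32\svchost.exe|svchost.exe -k netsvcs
jdoe|explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe report.txt
jdoe|cmd.exe|C:\Windows\System32\netsh.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=8443
jdoe|cmd.exe|C:\Windows\System32\wbem\wmic.exe|wmic process call create "cmd.exe /c whoami"
admin|cmd.exe|C:\Windows\System32\ntdsutil.exe|ntdsutil "ac i ntds" "ifm" "create full C:\temp\x" q q
jdoe|cmd.exe|C:\Windows\System32\ipconfig.exe|ipconfig /all
"""


@dataclass(frozen=True)
class Rule:
    name: str
    image: str    # regex matched against the executable's basename (lower-cased)
    cmdline: str  # regex matched against the full command line


# Illustrative rules (assumptions for this example). Each one matches a
# particular *use* of a legitimate tool, so plain administrative use of the
# same binary (e.g. "netsh interface show interface") is not flagged.
RULES: List[Rule] = [
    Rule("netsh portproxy (traffic relay)", r"^netsh\.exe$",
         r"\binterface\s+portproxy\s+add\b"),
    Rule("wmic process creation", r"^wmic\.exe$",
         r"\bprocess\s+call\s+create\b"),
    Rule("ntdsutil IFM (AD database dump)", r"^ntdsutil\.exe$",
         r"\bifm\b"),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    user: str
    parent: str
    rule: str
    cmdline: str


def parse_record(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split one record into (user, parent, image basename, command line)."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return None  # malformed line: skip rather than crash the scan
    user, parent, image, cmdline = parts
    basename = image.rsplit("\\", 1)[-1].lower()
    return user, parent, basename, cmdline


def detect(log_text: str) -> List[Finding]:
    """Return every record whose tool *and* arguments match a rule."""
    findings: List[Finding] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_record(line)
        if rec is None:
            continue
        user, parent, basename, cmdline = rec
        for rule in RULES:
            if re.search(rule.image, basename) and \
               re.search(rule.cmdline, cmdline, re.IGNORECASE):
                findings.append(Finding(line_no, user, parent, rule.name, cmdline))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule} by {f.user} (parent {f.parent}): {f.cmdline}")
```

Run stand-alone, the scan flags lines 3, 4 and 5 of the sample and leaves the svchost, notepad and ipconfig records alone. In practice the parent and user fields carried in each Finding are what turn a match into a decision: the same ntdsutil invocation from a scheduled backup account is routine, while from an interactive shell on a domain controller it is not.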

The US government arranged a series of meetings in the White House Situation Room involving top military, intelligence and national security officials to define a strategy for identifying and eradicating the malware.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” said Adam R. Hodge, the acting spokesman for the National Security Council. “The president has also mandated rigorous cybersecurity practices for the first time.”

The United States blames China for multiple major hacks against U.S. agencies and infrastructure, and has accused Beijing of aggressive espionage carried out by various means, from targeted cyber attacks to bus-size spy balloons.

One of Mr. Biden’s most senior advisers explained that the alleged presence of malware “raises the question of what, exactly, they are preparing for.”

One reading is that the code is meant to slow the US response to a Chinese military invasion of Taiwan; another is that it is intended as a diversion.

“Chinese officials, U.S. intelligence agencies have assessed, may believe that during an attack on Taiwan or other Chinese action, any interruptions in U.S. infrastructure could so fixate the attention of American citizens that they would think little about an overseas conflict.” concludes the report.


Pierluigi Paganini

(SecurityAffairs – hacking, China)
