US govt is hunting a Chinese malware that can interfere with its military operations

The US government believes that China has deployed malware in key US power and communications networks that can be activated in case of a conflict.

American intelligence officials believe China has implanted malware in key US power and communications networks that can be used in case of conflict, reported The New York Times.

The US newspaper refers to the malware as a “ticking time bomb” that could be activated to disrupt the military.

“The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.” states The New York Times. “The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.”

American intelligence and military officials are hunting a malware developed by China’s People’s Liberation Army that could give China the ability to disrupt US military operations in case of crises that could be triggered by events such as the occupation of Taiwan.

The experts believe that the malware can be used to target critical infrastructure across the US, and pointed out that such kinds of attacks can have a broader effect, impacting also citizens and businesses.

In May, Microsoft warned that China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The group managed to maintain access without being detected for as long as possible.

According to Microsoft, the campaign aims at building capabilities that could disrupt critical communications infrastructure between the United States and Asia region in the case of future crises.

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

The US government arranged a series of meetings in the White House Situation Room involving top military, intelligence and national security officials to define a strategy for malware identification and eradication.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” said Adam R. Hodge, the acting spokesman for the National Security Council. “The president has also mandated rigorous cybersecurity practices for the first time.“

The United States blame China for multiple major hacks against U.S. agencies and infrastructure, and accused the government of Beijing of aggressive espionage actively carried out by different means, such as targeted cyber attacks and bus-size spying balloons.

One of Mr. Biden’s most senior advisers explained that the alleged presence of malware “raises the question of what, exactly, they are preparing for.”

The code can be used to slow down the response of the US in case of the invasion of Taiwan by Chinese military, but another theory is that the code is intended as a diversion.

“Chinese officials, U.S. intelligence agencies have assessed, may believe that during an attack on Taiwan or other Chinese action, any interruptions in U.S. infrastructure could so fixate the attention of American citizens that they would think little about an overseas conflict.” concludes the report.

Follow me on Twitter: @securityaffairs Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, China)