American intelligence agencies and Microsoft have detected a mysterious computer code that has been popping up in telecommunications systems in Guam and elsewhere in the United States.
Microsoft says the code was installed by a group called ‘Volt Typhoon’, part of a Chinese state-sponsored effort targeting critical infrastructure such as communications, electric and gas utilities, as well as maritime operations and transportation.
This has raised alarms in the United States since because Guam, with its Pacific ports and vast American air base, is vital for any military response that the US might mount in case of an invasion or blockade of Taiwan.
The code, called a ‘web shell’, is a malicious script that enables remote access to a server. Home routers are particularly vulnerable, especially older models without updated software or protections. Authorities say it was installed with “great stealth”, sometimes flowing through routers and other common consumer devices, making the intrusion harder to track.
The web shell is designed to break through firewalls, which could enable anyone with access to enable destructive attacks. However, the company has said that the code seems to have been used for an espionage campaign and not to access offensive attacks.
Microsoft and the National Security Agency announced that they would publish details of the code, making it possible for corporate users, manufacturers and others to detect and remove it.
Administration officials said they believed the code was part of a vast Chinese intelligence collection effort that spans cyberspace, outer space and the lower atmosphere.