The US National Security Agency (NSA) issued a warning to all members of the Five Eyes organization that China has launched a cyber attack against the US. “Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the report states. The authoring agencies attribute the attack to a state group named Volt Typhoon.
Microsoft first alerted the NSA that Volt Typhoon had compromised critical systems in Guam by installing surveillance malware on government devices. Guam is significant to China because it hosts the Andersen Air Force Base, which could be used in the event that China invaded Taiwan. Guam also hosts numerous ships for use in the Pacific. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” an NSA spokesperson stated.
Volt Typhoon uses “living off the land” techniques that direct a computer’s own operating system, enabling the group to evade tracking. “In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware.”
The Pentagon now believes the spy balloons were affiliated with this operation. The US is too busy with Ukraine to worry about its own national security. The likelihood that the CCP sent bad actors disguised as migrants is more than zero. This malware has now compromised the entire US military, and no one knows how to remove the program from compromised devices and networks.