10 August 2023

U.S. Military Systems Infected by Chinese Malware: How Deep Does It Run?

SCOTT IKEDA


Anonymous officials from the Biden administration have told the New York Times that Chinese malware has been planted in the networks that control the critical infrastructure of military bases. The “ticking time bomb” could potentially cripple military systems in the event of a conflict between the two countries.

A theoretical attack of this nature would be meant to primarily impact military systems, but would necessarily have knock-on effects for civilian infrastructure as well. There is not yet a clear picture of how deep the Chinese malware campaign runs, but the first samples of it were found in Guam in May by Microsoft’s security team.
Chinese malware intended to cut power, water to military bases ahead of deployments

The Chinese malware appears to be primarily targeted at overseas military bases that would likely be in heavy use in the event of a conflict over Taiwan. But homes and businesses in the area would also be impacted, as the critical infrastructure is shared between military systems and civilian residential or business areas.

The threat is not limited to overseas territories or bases, however, as the officials indicated that the Chinese malware could also likely cut off utilities to civilian areas of the continental United States. Indications are that this particular campaign has been active since at least mid-2021, and traces of the code that targeted military systems in Guam has also been found stateside.

The discovery has reportedly prompted a series of high-level meetings in the White House Situation Room calling together representatives from the military, intelligence community and national security apparatus. In response to media questioning about the report, the White House only issued a general statement about its commitment to defending national infrastructure and preventing disruptions. The statement made no mention of the Chinese malware or any potential compromise of military systems.

Joe Saunders, CEO of RunSafe Security, sees this as a call to arms for private industry as well: “The threat of a ticking time bomb like this malware means we need to double-down our efforts to achieve not just memory safety in software in the long term, but memory protection in software immediately. Otherwise we take the risk of losing our ability to support our warfighters and maintain a normal sense of operation in society.”
Threat to military systems comes as Taiwan tensions increase

The anonymous officials said that some members of Congress, state governors and utility companies have been briefed on the possibility of action against military systems. The officials did not provide a clear indication of the extent of damage the Chinese malware could do, but did say that the government was confident it could restore anything that was knocked out within a few days.

Though it could potentially be used against civilians, the main tactical use of the Chinese malware would likely be to delay deployments to areas of conflict by knocking out communications and power. The code is reportedly “well hidden” throughout military systems and critical infrastructure and there is no particular timetable for finding it all, if all of it can even be found. Officials are also reportedly not confident that they can keep Chinese hackers from returning to plant more malware.

Some in the administration seem to believe that the plan also includes attacking civilian areas, however. There is apparently a theory that the code might be used to sporadically distract the US population from any battles over Taiwan by knocking out communications or utilities for short periods.


The official sources also did not indicate exactly how the government attributed the found malware to China, only saying that Microsoft was involved in the investigation and there is a possible connection to the state-backed “Volt Typhoon” group famous for its innovative tactics and for targeting Western critical infrastructure since mid-2020.


As it always does, China responded to the story (via its embassy in Washington) with a statement that it does not engage in cyber espionage and that the US is attempting a smear campaign, adding the claim that US hackers regularly engage in cyber attacks against its government agencies.

Surveillance is far from uncommon, and some level is accepted by both nations as a fact of life. But code seemingly designed specifically to disrupt military systems is a completely different story. Russia has been caught poking around the US electrical grid for nearly a decade now, but has not been observed planting “kill switches” of this sort. For its part, China’s state-backed hackers are regularly linked to espionage campaigns against both government agencies and private companies. A recent exploit of a stolen signing token for Microsoft’s web-based email targeted numerous officials, including Ambassador Nicholas Burns and Commerce Secretary Gina Raimondo.

These incursions into military systems are also not the only issues the US government is currently dealing with. Over the final weekend in July, an Air Force engineer in Tennessee stole a variety of government equipment that contained information considered compromising to 17 different agencies, including the FBI. A statement indicated that the engineer was in financial difficulties, had been known to sell radio equipment and had been reported by other airmen as a potential threat to military security.

No comments: