Chinese malware designed to cripple critical infrastructure may be scattered throughout America’s military systems, according to a report from the New York Times. Officials have told reporters that they do not have a full accounting of this malware campaign as of yet, and may not be able to stop the hackers from planting it again if it is removed.
The primary purpose of the Chinese malware appears to be to knock out utilities to military bases, likely with the goal of confusing and slowing deployments in the event of some sort of armed conflict over Taiwan. The military systems are sometimes tied in with nearby civilian infrastructure, however, and thus the general public could be impacted if China decides to flip the switch.
Advanced nation-state hackers gain access to military systems
The anonymous sources said that the White House Situation Room has been host to a number of meetings about the issue as of late, though there is still no official government confirmation. The one confirmed instance of Chinese malware being found in military systems was in Guam in 2021, but the officials say that discovery opened the door to awareness of a much broader campaign.
The official sources also said that briefings about the threat have been given to certain members of Congress, state governors and high-level executives at certain utility companies. The assessment of the threat at present is that any outages would be temporary and resolved in no more than a few days, but that civilians could very well be impacted and that outages could happen in the continental United States. While the Chinese malware is most likely aimed at confounding military deployments, there is a line of thought that it also might be used to sow chaos and distraction among the general population during certain operations in Taiwan.
The malicious code is apparently buried quite deeply in military systems, making it difficult to detect every instance. There has been some debate about whether or not to remove it entirely, with some favoring attempting to quietly neutralize it and then monitor traffic to it. The prevailing attitude seems to be to find it and excise it, but officials are not sure that the hackers can be prevented from returning and planting more. There are signs the campaign may be spearheaded by Volt Typhoon, a very advanced group of state-backed Chinese hackers.
No official attribution of Chinese malware as of yet
At the moment, there is no public confirmation of these details. The US government has not yet addressed the alleged Chinese malware campaign in its statements, and for its part China denies the NYT reporting and claims it is a smear campaign.
If the reporting is accurate, the move represents a significant escalation in terms of hostile action in cyberspace. Both countries regularly conduct espionage, something that has become generally globally permissible and deemed not worthy of military retaliation. But poking around in the grid is different from actively planting malware designed to damage critical infrastructure and cripple military systems.
Perhaps the most concerning element is the unknown extent to which the Chinese hackers might shut down civilian systems. Extended outages could potentially cause loss of life, as demonstrated by ransomware attacks on hospitals in recent years, and constitute war crimes under the terms of the Geneva Convention.