Microsoft uncovers Chinese cyber attack on the island of Guam
According to the tech giant, the hack occurred at the same time a spy balloon from China was detected in U.S. airspace.
Microsoft reported Wednesday that there was a Chinese cyber attack targeting the island of Guam. Although it just became known, the cyber attack occurred in February, at the same time that a Chinese spy balloon was detected flying over the U.S. sky.
The hack, carried out by the Chinese group Volt Typhoon, mainly targeted organizations in different sectors such as communications, utilities, transportation, construction, manufacturing, maritime, information technology, education and even government. All of these sectors were victims of an attack, Microsoft said in a statement, to "perform espionage and maintain access without being detected for as long as possible."
To do so, Volt Typhoon performed an attack known as a "web shell." This hack installs a malicious script on the systems of certain clients and allows remote access to their servers. It mainly affects older models that do not have up-to-date software and protection. The technology giant said that it "has directly notified targeted or compromised customers."
This code, unlike the Chinese spy balloon, cannot be removed so easily. For this reason, Microsoft published in the same report the steps for affected users to remove the malware. The company claims that it is not aware that the data collected so far has been utilized by China but that it is part of a "spying campaign." However, the information could be used in the future to enable a destructive attack.