The United States overseas territory of Guam suffered through a pair of devastating “typhoons”: a literal typhoon that slammed the small Pacific island with sustained winds of 140 mph, followed by a report that a cyberattack had been conducted by a hacker consortium with ties to Beijing dubbed “Volt Typhoon.”
In the Path of the Storm
Typhoon Mawar was powerful enough that it destroyed homes, flipped cars, and even demolished wind sensors at the airport. The damage was so extensive that only satellite images could effectively capture the enormous swath of destruction. At one point, 98% of the island lost power – and it took almost two days just to fully restore the power to Guam Memorial Hospital.
The wrath of “Mother Nature” also called into question the role the island plays as part of the U.S. military strategy in the Pacific.
The United States Navy was forced to move ships out to sea before the storm hit, a standard procedure when U.S. military bases prepare for hurricanes. The super typhoon generated winds of 175 mph, and waves of at least 60 feet, which caused flooding across Guam. The result put new demands on the military, even as there has already been repeated flooding at Naval Base Guam in recent years.
Andersen Air Force Base is also considered to be one of the most critical U.S. military installations in the Western Pacific.
Cyberattack on Guam
Even as the island was struggling to recover from Typhoon Mawar, a report was released stating that Chinese hackers had employed a “stealthy” malware attack on critical infrastructure at American military bases. Tech giant Microsoft released a report that highlighted one of the largest known cyber espionage campaigns directed against U.S. interests.
Beijing responded by calling the Microsoft report “highly unprofessional” and labeled it “disinformation.”
The report, which was produced with the assistance of the Five Eyes alliance – comprising the intelligence agencies of the United States, Australia, Canada, New Zealand and the UK – was released last week. Microsoft, which had initially flagged the breach, claimed the malicious code was installed to spy on and disrupt “communications infrastructure between the U.S. and Asia during future crises.”
The attack was carried out by Volt Typhoon, a state-sponsored actor based in China, Microsoft claimed.
“Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States,” Microsoft Security said via a blog post. “In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Microsoft chose to highlight this Volt Typhoon activity because of its significant concern around the potential for further impact to its customers.
“Although our visibility into these threats has given us the ability to deploy detections to our customers, the lack of visibility into other parts of the actor’s activity compelled us to drive broader community awareness and further investigations and protections across the security ecosystem,” the company added.
Serious Attack or a Probe?
One question is what the actual intent of such a targeted attack was. It wasn’t an all-out assault to cripple any infrastructure – at least not yet.
“There are differences between exploratory events designed to test systems and probe for weaknesses and disruptive events that aim to do actual damage,” explained technology analyst Charles King of Pund-IT.
“The attack in Guam appears to belong to the first group, and is troubling because Guam will play an important role in U.S. efforts to protect Taiwan from military invasion,” King told ClearanceJobs. “An interesting point about the attack was the decision to speak about it publicly and establish a narrative about its meaning and importance.”
The Biden administration had done this before, notably in the weeks leading up to Russia’s invasion of Ukraine.
“By doing so, it put Russia on its back foot and also reduced the confusion and anxiety a surprise attack would have caused in Ukraine,” King noted. “Something similar could be happening here.”
Such types of attacks have become increasingly common, and the U.S. shouldn’t be surprised that a Chinese threat actor was engaged in such activity.
“China and Russia for that matter are regularly trying to break into U.S. – and we return the favor – and other countries’ networks for intelligence and cyber warfare operations,” added Roger Entner, principal analyst at Recon Analytics.
The significance of this attack can’t be overstated, however. We could also reach a point where what starts in cyberspace could lead to open conflict if the actions warrant it. The question is when the line is crossed.
“Guam is the tip of the U.S. spear in the Pacific and therefore our first line of defense and a popular target for Chinese cyber forces,” Entner told ClearanceJobs. “Where the line is with cyberattacks is quite blurry. Does a given cyberattack cross the bounds of what each country is willing to tolerate is like beauty in the eye of the beholder.”