US officials are concerned that Chinese hackers still have access to sensitive US computer networks, following a recent cyber-attack on key US sectors such as maritime and transportation networks. National Security Agency Director of Cybersecurity, Rob Joyce, has stated that the campaign is “unacceptable” because the hackers sought access to networks that might allow them to disrupt critical services in the future. US officials are still trying to verify that Chinese hackers have been removed from networks they breached during the months-long campaign, and the NSA has been investigating the Chinese hacking effort since last year.
The alleged targeting of critical infrastructure in Guam adds to ongoing US concerns that China could be using its cyber capabilities in anticipation of a future conflict with the US in the Pacific. The hackers have tried to burrow into many organizations with no apparent intelligence value and to “preposition” themselves in US computer networks for potential future operations. The US and its allies have urged infrastructure operators to check their networks for compromise, although the Chinese government has denied the allegations and accused the US of conducting hacking operations in China.
The NSA used its intelligence capabilities to study the Chinese hackers’ tools and to verify the sensitive US infrastructure they targeted. In addition to maritime and transportation organizations, the hackers went after US government agencies and manufacturing and construction firms, among other targets, according to Microsoft. The targeting of Guam is of particular concern because it plays a key part in US military efforts to counter and deter China’s territorial ambitions in the Pacific.
US officials are concerned that Chinese hackers have created footholds in Taiwan’s critical infrastructure that Beijing may use to disrupt key services like electricity in the event of a Chinese invasion of Taiwan. Taiwanese cybersecurity experts have seen a familiar foe in the Microsoft report and immediately began checking their systems for signs of compromise. The longer game some Chinese hackers are playing in Taiwan is to “penetrate into the target networks [and] environments, try everything to make themselves invisible, stay in the critical systems, then make disruptions when they need.”