2 days ago
4
The U.S. government has uncovered a Chinese hacking campaign targeting Guam's critical infrastructure, according to Bloomberg. Guam is a key U.S. military outpost, a foothold on one of the remote Mariana Islands in the Pacific. China's operation is reportedly called Volt Typhoon and it is meant to disrupt military and civilian operations in the event of conflict over Taiwan. The purported campaign focuses on infiltrating operational systems to prepare for potential sabotage, creating widespread vulnerabilities in Guam.
Volt Typhoon infiltrates systems by mimicking legitimate users and unlike attacks that exfiltrate data, this program seeks control over critical infrastructure such as water systems, power grids, and communication networks. Volt Typhoon is said to operate so discreetly that detection relies on identifying anomalies, like irregular login patterns. This is where it got detected, as the Guam Power Authority (GPA), the only provider of electricity on the island, became a point of interest when U.S. investigators approached its cybersecurity head — Melvyn Kwek — to assess unusual network activity back in 2022.
GPA supplies about 20% of its energy to the U.S. Navy, so it is a crucial military node for both civilian and military operations and of course a focal point of the investigation. Guam is geographically reasonably close to China and its role in hosting major U.S. military bases in the region - in proximity with Japan, Taiwan, and the Philipines, amplifies its strategic importance. This creates a potential vulnerability for cyberattacks to paralyze utilities and disrupt military operations in the Pacific for the U.S. military.
The source report says that some big-name victims, such as Docomo Pacific, a subsidiary of Japan's NTT Docomo, continue to recover from breaches. Microsoft researchers first detected traces of Volt Typhoon in 2021 during an investigation into a Houston port cyberattack. Further investigations revealed multiple intrusions, including into federal networks that were previously believed to be secure.
Federal agencies such as the FBI, NSA, and Coast Guard have since deployed teams to Guam, installing monitoring systems across energy grids, ports, and telecom networks. Despite these efforts, the decentralized nature of Guam's infrastructure, managed largely by private entities, complicates coordinated defenses. This makes things challenging, as do local resistance and mistrust delaying comprehensive security measures.
In one example of mistrust, GPA declined offers from Google-owned Mandiant for network monitoring, citing concerns about external oversight. Furthermore, rival telecom companies in Guam are wary of publicizing their vulnerabilities, so they resisted collaboration during a 2024 congressional visit, according to the Bloomberg report.
English (US) ·