Possible Chinese Malware in US Systems a ‘Ticking Time Bomb’: Report

China has implanted malware in key US power and communications networks in a “ticking time bomb” that could disrupt the military in the event of a conflict.

The Biden administration believes China has implanted malware in key US power and communications networks in a “ticking time bomb” that could disrupt the military in the event of a conflict, The New York Times reported Saturday.

The Times, quoting US military, intelligence and security officials, said the malware potentially gave China’s People’s Liberation Army the ability to disrupt US military operations if Beijing were to move against Taiwan at some point.

The systems affected, the Times said, could allow China not only to cut off water, power and communications to US military bases, but also to homes and businesses across the United States.

The report comes two months after Microsoft warned that state-sponsored Chinese hackers had infiltrated critical US infrastructure networks.

Microsoft singled out Guam, a US Pacific territory with a vital military outpost, as one target but said malicious activity had also been detected elsewhere in the United States.

It said the stealthy attack, carried out since mid-2021, was likely aimed at hampering the United States in the event of a regional conflict.

Authorities in Australia, Canada, New Zealand and Britain warned at the same time that Chinese hacking was likely taking place globally, affecting an extensive range of infrastructure.

Discovery of the malware, the Times said, sparked a series of meetings in the White House Situation Room involving top military, intelligence and national security officials in an effort to track down and eradicate the code.

The newspaper quoted one congressional official as saying the malware operation amounted to “a ticking time bomb.”

The White House issued a statement Friday that made no mention of China or military bases.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” said Adam Hodge, acting spokesman for the National Security Council.

He added that President Joe Biden “has also mandated rigorous cybersecurity practices for the first time.”

Reports of the malware operation come at a particularly strained point in US-China relations, with China aggressively asserting its claim that Taiwan is Chinese territory and the US seeking to ban sales of sophisticated semiconductors to Beijing.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
