Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year

Dragos reveals Volt Typhoon hackers infiltrated a US electric utility for 300 days, collecting sensitive data. Learn how this cyberattack threatens infrastructure.

Cybersecurity firm Dragos has revealed a prolonged intrusion by the Chinese state-sponsored threat actor Volt Typhoon into the United States electric grid, specifically targeting the Littleton Electric Light and Water Departments (LELWD) in Massachusetts. The intrusion lasted over 300 days, from February to November 2023.

The incident came to light just before Thanksgiving in 2023, when the FBI alerted LELWD to a potential compromise. The subsequent investigation, conducted with assistance from Dragos, revealed that Volt Typhoon had been inside the utility's systems as early as February 2023.

According to Dragos’s report, during this extensive period, the threat actors collected sensitive operational technology (OT) data, including information on energy grid operations, which could facilitate future disruptive attacks on critical infrastructure.

Volt Typhoon’s Modus Operandi

Volt Typhoon, tracked by Dragos as VOLTZITE, is a Chinese state-sponsored advanced persistent threat group active since at least mid-2021. The group focuses on cyber espionage, primarily targeting US critical infrastructure sectors such as telecommunications and energy. It relies on living-off-the-land techniques, using the built-in administrative tools already present on compromised systems, to maintain persistent, long-term access to networks while evading detection.

Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, emphasizes the challenges posed by the long lifespan of devices in critical infrastructure. He notes that devices designed and tested to best practices available at their release can become vulnerable to more sophisticated attacks later in their lifecycle. Attackers, aware of the emphasis on uptime and service availability in critical infrastructure, may exploit these vulnerabilities to plan targeted attacks rather than opportunistic ones.

Implications and Recommendations

The LELWD incident underscores the growing cyber threat to essential services and why the energy sector needs cybersecurity measures that match the threat. Organizations responsible for critical infrastructure must prioritize regular assessments and updates of their cybersecurity protocols to address evolving threats; a nearly year-long undetected intrusion shows the cost of not doing so.

Additionally, implementing strong monitoring of both IT and OT networks, conducting regular security audits, and collaborating with cybersecurity experts are essential to securing critical infrastructure against threat actors like Volt Typhoon.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism.