Dragos Outlines Voltzite’s Attacks Against Critical Infrastructure

Robinson+Cole Data Privacy + Security Insider

In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt Typhoon is a People’s Republic of China (PRC) sponsored group that uses slow and persistent techniques to gain entry into U.S.-based critical infrastructure. CISA urges “critical infrastructure organizations and technology manufacturers to read the joint advisory and guidance to defend against this threat.”

Soon after the Joint Alert, Dragos released its Report “VOLTZITE Espionage Operations Targeting U.S. Critical Systems,” which provides concerning information about the overlap between Volt Typhoon and VOLTZITE and about how the group is targeting, and successfully gaining access to, U.S. critical infrastructure.

According to Dragos, “VOLTZITE has been observed performing reconnaissance and enumeration of multiple U.S.-based electric companies since early 2023, and since then has targeted emergency management services, telecommunications, satellite services, and the defense industrial base. Additionally, Dragos has discovered VOLTZITE targeting electric transmission and distribution organizations in African nations.” Dragos also notes that the threat actors are difficult to detect, and therefore, the “slow and steady reconnaissance, enables VOLTZITE to avoid detection for lengthy periods of time.”

Dragos has tracked VOLTZITE in 2023 as follows:

  • Early 2023 – US Territory of Guam compromise.
  • June 2023 – VOLTZITE infiltrates United States emergency management organization.
  • August 2023 – Dragos discovers VOLTZITE targeting African electric transmission and distribution providers.
  • November 2023 – Dragos collaborated with E-ISAC on analysis of VOLTZITE activity against multiple U.S.-based electric sector organizations.
  • December 2023 – Dragos discovered evidence that VOLTZITE has overlaps with UTA0178, a threat activity cluster tracked by Volexity, exploiting Ivanti ICS VPN zero-day vulnerabilities.
  • January 2024 – Extensive reconnaissance of a U.S. telecommunications provider’s external network gateways.
  • January 2024 – Evidence of compromise against a large U.S. city’s emergency services GIS network.

Not only is the PRC conducting slow and steady reconnaissance of critical infrastructure in the U.S., but it is also conducting daily reconnaissance of TikTok users. The PRC is a threat to national security on both fronts. Dragos also describes ways critical infrastructure operators can mitigate the threat posed by VOLTZITE, and that guidance is an important read.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
