In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt Typhoon is a People’s Republic of China (PRC) sponsored group that uses slow and persistent techniques to gain entry into U.S.-based critical infrastructure. CISA urges “critical infrastructure organizations and technology manufacturers to read the joint advisory and guidance to defend against this threat.

Soon after the Joint Alert, Dragos released its Report “VOLTZITE Espionage Operations Targeting U.S. Critical Systems,” which provides concerning information about the overlap between Volt Typhoon and VOLTZITE and how it is targeting and successfully gaining access to U.S. critical infrastructure.

According to Dragos, “VOLTZITE has been observed performing reconnaissance and enumeration of multiple U.S.-based electric companies since early 2023, and since then has targeted emergency management services, telecommunications, satellite services, and the defense industrial base. Additionally, Dragos has discovered VOLTZITE targeting electric transmission and distribution organizations in African nations.” Dragos also notes that the threat actors are difficult to detect, and therefore, the “slow and steady reconnaissance, enables VOLTZITE to avoid detection for lengthy periods of time.”

Dragos has tracked VOLTZITE in 2023 as follows:

  • Early 2023 – US Territory of Guam compromise.
  • June 2023 – VOLTZITE infiltrates United States emergency management organization.
  • August 2023 – Dragos discovers VOLTZITE targeting African electric transmission and distribution providers.
  • November 2023 – Dragos collaborated with E-ISAC on analysis of VOLTZITE activity against multiple U.S. based electric sector organizations.
  • December 2023 – Dragos discovered evidence that VOLTZITE has overlaps with UTA0178, a threat activity cluster tracked by Volexity, exploiting Ivanti ICS VPN zero-day vulnerabilities.
  • January 2024 – Extensive reconnaissance of a U.S. telecommunication’s providers external network gateways.
  • January 2024 – Evidence of compromise against a large U.S. city’s emergency services GIS network.

Not only is the PRC conducting slow and steady reconnaissance of critical infrastructure in the U.S., but it is also conducting daily reconnaissance of TikTok users. The PRC is a threat to national security on both fronts. Dragos provides ways critical infrastructure operators can mitigate the threat posed by VOLTZITE, which is an important read.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chair’s the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.