Volt Typhoon Accessed US OT Network for Nearly a Year

A prolonged cyber intrusion by the Volt Typhoon threat group has exposed vulnerabilities in the US electric grid.
Cybersecurity analysts at Dragos discovered that Volt Typhoon, an advanced persistent threat group linked to China, had maintained unauthorized access to the operational technology (OT) network of Littleton Electric Light and Water Departments (LELWD), a small public power utility in Massachusetts, from February to November 2023.
Critical Infrastructure Vulnerabilities
“One of the biggest challenges with cybersecurity in critical infrastructure is the long lifespan of the devices. Something that was designed and tested to the best practices available when it was released can easily become vulnerable to attacks using more sophisticated attacks later in its lifecycle,” warned Tim Mackey, head of software supply chain risk strategy at Black Duck.
Nathaniel Jones, vice president of threat research at Darktrace, echoed Mackey’s views, adding that impact on Critical National Infrastructure (CNI) is a “continued and growing concern with the applications of AI-based capabilities for both offensive and defensive teams.”
Additionally, the targeting of CNI entities suggests threat actors may be building strategic pathways to yield geopolitical leverage in the event of conflict, according to Donovan Tindill, director of OT cybersecurity at DeNexus.
In particular, he explained that exfiltrating OT data allows attackers to:
- Understand system configurations and operations
- Steal intellectual property such as manufacturing techniques
- Identify supply chain relationships for potential disruption
- Map out the electrical grid’s structure and criticality
- Leverage data for ransom or extortion
- Manipulate OT systems toward specific objectives
Rapid Response and Future Precautions
The response to the LELWD breach was swift, according to Dragos. Investigators identified the attacker’s movements, including server message block traversal and remote desktop protocol lateral movement.
The compromised organization was able to contain the threat and reconfigure its network to prevent further exploitation. No customer-sensitive data was reportedly compromised.
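The SMB and RDP lateral movement mentioned above is typically surfaced in Windows authentication telemetry. The following script is an added illustration, not Dragos's tooling or anything from the LELWD investigation: it runs a simple fan-out heuristic over constructed, simplified logon records (timestamp, event ID, logon type, account, source host, target host), flagging a source host whose account reaches several distinct hosts over network (type 3, which is what SMB access produces) or RemoteInteractive (type 10, RDP) logons within a short window. Hostnames, the account name and the line format are all invented for the example; real 4624 events carry more fields.

```python
"""Lateral-movement fan-out heuristic over constructed Windows-style logon events.

A single source host authenticating to many distinct hosts over SMB (logon
type 3) or RDP (logon type 10) inside a short window is a common sign of
lateral movement. Sample records below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (hypothetical hosts and accounts):
# timestamp event_id logon_type account source_host target_host
SAMPLE_EVENTS = """\
2023-03-01T02:14:05 4624 10 svc_backup WS-ENG-07 OT-HMI-01
2023-03-01T02:16:40 4624 3 svc_backup WS-ENG-07 OT-HIST-01
2023-03-01T02:19:12 4624 3 svc_backup WS-ENG-07 OT-PLC-GW
2023-03-01T02:22:33 4624 10 svc_backup WS-ENG-07 OT-HMI-02
2023-03-01T09:05:00 4624 2 alice WS-ENG-03 WS-ENG-03
2023-03-01T09:07:10 4624 3 alice WS-ENG-03 FILESRV-01
2023-03-01T09:30:00 4624 10 bob WS-ADM-01 FILESRV-01
"""

# Logon types that indicate a session opened from another machine:
# 3 = Network (SMB shares, admin$ access), 10 = RemoteInteractive (RDP)
LATERAL_LOGON_TYPES = {3, 10}


def parse_events(text):
    """Parse the simplified record format into dicts, keeping only 4624 (successful logon)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, src, dst = line.split()
        if event_id != "4624":
            continue
        events.append({
            "ts": datetime.fromisoformat(ts),
            "logon_type": int(logon_type),
            "account": account,
            "src": src,
            "dst": dst,
        })
    return events


def detect_fanout(events, window=timedelta(minutes=30), threshold=3):
    """Return {(source_host, account): [distinct targets]} for pairs that reached
    at least `threshold` distinct hosts via SMB/RDP logons inside `window`."""
    by_actor = defaultdict(list)
    for ev in events:
        # Local logons and self-referencing records are not lateral movement.
        if ev["logon_type"] in LATERAL_LOGON_TYPES and ev["src"] != ev["dst"]:
            by_actor[(ev["src"], ev["account"])].append(ev)

    alerts = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        # Slide a window starting at each event and count distinct targets within it.
        for i, start in enumerate(evs):
            targets = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(targets) >= threshold:
                alerts[actor] = sorted(targets)
                break
    return alerts


if __name__ == "__main__":
    for (src, account), targets in detect_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT: {account}@{src} reached {len(targets)} hosts via SMB/RDP: {targets}")
```

In the constructed sample, the service account on WS-ENG-07 touches four OT hosts in eight minutes and is flagged, while the two ordinary users who each reach a single file server are not. In production the threshold and window would be tuned per environment, and the same logic applies to any source that can distinguish network and remote-interactive logons.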
“Attack sophistication is on the rise, and OT/ICS organizations shut down when faced with a cyber-attack,” said Agnidipta Sarkar, vice president CISO advisory at ColorTokens. “Unfortunately, cyber OT leadership is focusing on stopping attacks instead of stopping the proliferation of attacks.”
As cyber-threats grow more advanced, CNI organizations must strengthen monitoring and defense strategies. Protecting the electric grid and other vital infrastructure depends on sustained investment in security expertise, technology and risk mitigation.