
Chinese Hackers Target US Utilities Provider — Infrastructure Attacks on the Rise

James Morales

Key Takeaways

  • The Chinese hacker group VOLTZITE breached a Massachusetts public utility.
  • American critical infrastructure has experienced a number of cyberattacks in recent months.
  • A single ransomware strain, Medusa, has impacted over 300 victims in critical infrastructure sectors.

Cybersecurity analysts have reported that the China-linked hacker group VOLTZITE successfully breached the systems of a public power utility in Massachusetts.

The revelation comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned about ongoing ransomware threats to “critical infrastructure sectors.”

VOLTZITE Espionage

According to Dragos Intelligence, systems operated by Littleton Electric Light and Water Departments (LELWD) were compromised by VOLTZITE between February and November 2023.

During that period, the group, which overlaps with Volt Typhoon, reportedly collected operational technology data and geographic information system (GIS) files, among other sensitive information.

LOTL Tactics Help Threats Go Unnoticed

According to Dragos, VOLTZITE uses Living Off The Land (LOTL) tactics that rely on native tools to disguise malicious activities as everyday operations.

The approach is shared by Salt Typhoon, another Chinese-backed threat actor that hacked major American telecommunications networks.

“This strategy, paired with slow and steady reconnaissance, enables VOLTZITE to avoid detection for lengthy periods of time,” analysts said.

Critical Infrastructure Under Siege

The revelation that hackers compromised LELWD underscored the growing frequency of attacks aimed at critical U.S. infrastructure.

On March 12, CISA revealed that a single ransomware strain, Medusa, had impacted over 300 victims from a variety of critical infrastructure sectors, “including medical, education, legal, insurance, technology and manufacturing.”

To date, physical networks have proved more resilient than digital systems. However, incidents like the 2021 Colonial Pipeline ransomware attack demonstrate that America’s hard infrastructure isn’t immune to attack.
