Fri Mar 14 2025

The Volt Typhoon threat group gained access to utility networks in the United States for nearly a year.

Key vulnerabilities in the infrastructure have been revealed.

The threat group known as Volt Typhoon, linked to China, gained access to the operational technology (OT) network of the Littleton, Massachusetts, water and electricity departments over a ten-month period in 2023. This attack, which spanned from February to November, was discovered by security researchers at Dragos, who acted swiftly to identify and contain the group's activities, thereby preventing the exposure of customer data.

Data held in OT networks is critical, particularly in critical national infrastructure (CNI). Donovan Tindill, director of OT cybersecurity at DeNexus, emphasized that exposed servers belonging to small businesses can facilitate intellectual property theft, mapping of electrical grid structures, and the use of data for ransomware attacks.

Experts have analyzed the repercussions of this attack. Tim Mackey, head of software supply chain risk strategy at Black Duck, noted that one of the biggest challenges in cybersecurity for critical infrastructure is the longevity of devices. Devices designed with the best practices available at the time of their launch can become vulnerable to more sophisticated attacks as their lifecycle progresses.

Additionally, Nathaniel Jones, vice president of threat research at Darktrace, pointed out that the impact of artificial intelligence tools on CNI attacks represents a growing concern for those defending OT networks. Agnidipta Sarkar, vice president of CISO advisory at ColorTokens, also warned that attacks are on the rise, but that OT leaders and defenders are addressing the issue incorrectly, focusing on stopping attacks rather than preventing their proliferation.

Furthermore, it has been reported that the complexity of IT systems may be increasing security risks for companies, and a recent report from Adaptavist revealed that 40% of IT leaders fear admitting mistakes due to a culture of fear in the workplace.