Volt Typhoon Seen Exfiltrating Sensitive OT Data


February 20, 2024 at 09:03AM

The industrial cybersecurity firm Dragos has identified Volt Typhoon, a hacker group linked to the Chinese government, as a serious threat to organizations using industrial control systems (ICS) or operational technology (OT). The group’s cyberespionage activities and its potential for disrupting critical infrastructure are highlighted in Dragos’ 2023 ICS/OT Cybersecurity Year in Review report, which also describes two other emerging threat groups, Gananite and Laurionite. The report further warns of increasing ransomware attacks and of vulnerabilities affecting OT environments.

Key takeaways from the report:

1. Volt Typhoon, a sophisticated hacker group linked to the Chinese government, poses a significant threat to organizations using industrial control systems (ICS) or other operational technology (OT).

2. Dragos’ 2023 ICS/OT Cybersecurity Year in Review report identifies 21 threat groups that impact, or could impact, OT; three of these emerged in 2023 and seven are currently active.

3. Volt Typhoon, also known as Voltzite, targets various sectors in the US, Australia, and the UK, and has been observed initiating scanning activities against electric sector organizations in North America and aiming attacks at electric transmission and distribution providers in Africa.

4. There’s increasing concern that Volt Typhoon may exploit its access and capabilities to disrupt critical infrastructure organizations’ OT environments.

5. The report also introduces two other new threat groups, Gananite and Laurionite. Gananite focuses on espionage and initial-access operations in CIS and Central Asian countries, while Laurionite targets Oracle iSupplier instances.

6. The report notes a 50% increase in ransomware attacks on industrial organizations, with the activities of 50 ransomware groups affecting industrial organizations in 2023.

7. Dragos’ report provides details on over 2,000 Common Vulnerabilities and Exposures (CVEs) affecting OT environments, including which ones require urgent patching and what their potential impact is.

This summary outlines the security threats highlighted in the report and their potential impact on organizations running ICS or OT infrastructure.
