Volt Typhoon Camping in Your Power Grid for 300 Days: The Uninvited Houseguests Who Wont Leave

This is your Digital Frontline: Daily China Cyber Intel podcast. Hey listeners, Ting here on Digital Frontline, your go-to gal for slicing through the chaos of China’s cyber games. Buckle up, because in the last 24 hours, the buzz is all about Volt Typhoon still squatting in America’s power grids like uninvited houseguests from hell. Dragos dropped their Year in Review report just days ago on February 19, and CEO Rob Lee laid it bare: these Chinese state-sponsored hackers have been burrowing into U.S. utilities, water plants, oil pipelines, telecoms, and transport hubs since 2021, prepping for a Taiwan showdown where they could flip the switch on our lights and taps. Picture this: in Littleton Electric Light and Water Departments, a tiny Massachusetts utility, Volt Typhoon camped out for 300 days starting February 2023. They slipped in via a firewall vuln, lived off the land with PowerShell and WMI—no flashy malware, just admin tools blending into the noise. Snagged grid layouts, ops procedures, sensor data—blueprint for sabotage. FBI and CISA swooped in post-Thanksgiving, but Rob Lee warns small rural co-ops and water systems? They’re flying blind, and some intrusions are permanent squatters. Dragos even spotted Volt Typhoon poking operational tech directly now, not just IT recon, and a sidekick group SYLVANITE cracking Ivanti VPNs and Trimble GIS for handoffs. New threat? This escalation means they’re not just spying; they’re one crisis away from blackouts. Sectors hammered: energy, water, everything keeping civilian life and military ops humming. Across NATO allies too, per Dragos—coordinated Western takedown prep. Expert take from Rob Lee: we’re compromised, folks, and detection gaps in understaffed utilities mean undercounts galore. No ransomware drama; it’s stealth geopolitics, unlike Salt Typhoon’s telco hits or Flax Typhoon’s IoT botnets. Defensive playbooks? CISA’s got IOCs out, but you need network monitoring muscle. Businesses, segment IT from OT yesterday—air-gap where you can. Hunt anomalies in legit tools with EDR like Dragos Platform. Patch firewalls, Ivantis, GIS pronto. Utilities, beg feds for funding; mandate basics. Train staff to spot living-off-the-land weirdness—sudden PowerShell spikes? Red flag. Pro tip: simulate breaches quarterly, share intel via ISACs. China’s not blitzing; they’re marathoning access. Stay vigilant, or wake up in the dark. Thanks for tuning in, listeners—subscribe for the daily edge! This has been a Quiet Please production, for more check out quietplease.ai. For more http://www.quietplease.ai Get the best deals https://amzn.to/3ODvOta