CyberSecurity SEE

Voltzite devastates African utilities in Volt Typhoon’s rampage

Voltzite, the operational technology (OT)-focused unit within China’s Volt Typhoon advanced persistent threat (APT), has expanded its targeting to electric transmission and distribution organizations in African nations with a motive similar to its activities in the US.

Known for its relentless reconnaissance and enumeration of critical infrastructure targets in the US, Volt Typhoon has been strategically preparing disruptive capabilities to create chaos and hinder communication and material movement in the event of kinetic turmoil in the South China Sea or trade disputes over Taiwan. The group, particularly Voltzite, has been actively compromising physical industrial control systems (ICSes) at electric-sector targets in the US, and its operations have now extended to Africa, as reported by OT security specialist Dragos.

During the months of July and August 2023, Dragos observed Voltzite infrastructure conducting extensive reconnaissance and potential exploitation attempts against an African electric network operator’s external network perimeter. The focus of the adversary seemed to be on the target’s geographic information systems (GIS) data, which is crucial for controlling IoT devices in industrial settings. This aligns well with Voltzite’s operations in the US, indicating a consistent pattern of behavior.

In November, Dragos researchers also detected possible exploitation attempts on an African electric transmission, distribution, and retailer entity, further highlighting the group’s active measures in the region.

These incursion attempts are believed to be influenced by China’s “Digital Silk Road” initiative, which involves significant investments in technology infrastructure development across Africa. While African nations view this initiative as a beneficial path to modernization and economic growth, critics perceive it as a form of digital colonialism, enabling China to establish a firm foothold in the region.

In light of these developments, US lawmakers have expressed concerns about China’s deep involvement in African nations, particularly citing instances such as the installation of surveillance cameras in Johannesburg. These actions, along with joint naval exercises with China and Russia, raise suspicions of espionage and potential military interference, prompting geopolitical tensions between major powers.

The convergence of OT cybersecurity threats with regional and global kinetic events has become increasingly apparent in 2023, as highlighted in Dragos’ recent OT security report. Geopolitical tensions in various regions, including Asia and Africa, have fueled intelligence gathering and capability-staging activities, underscoring the complex interplay between cybersecurity threats and broader geopolitical dynamics.

As Voltzite continues to target critical infrastructure in African nations, the need for heightened cybersecurity measures and enhanced international cooperation to mitigate these threats is more pressing than ever. It is imperative for organizations and governments to remain vigilant and proactive in safeguarding critical systems against malicious actors seeking to disrupt essential services and sow chaos.
