“Voltzite” destroys African utilities as part of Volt Typhoon assault

“Voltzite,” the operational technology (OT)-focused unit within China’s Volt Typhoon Advanced Persistent Threat (APT), is targeting electrical transmission and distribution organizations in African nations, likely with motivations similar to those behind its activity in the United States.

Volt Typhoon has famously continued to conduct reconnaissance and enumeration of multiple U.S.-based critical infrastructure targets, essentially to “pre-stage” disruptive capabilities intended to wreak havoc and make communication and movement of materials more difficult if kinetic turmoil erupts in the South China Sea over Taiwan or trade concerns.

Specifically, OT security specialist Dragos said last week that Voltzite “knocked on the door” of compromising physical industrial control systems (ICS) at electricity sector targets in the United States, and it tells Dark Reading that the same modus operandi is occurring in Africa.

“During July and August 2023, Dragos observed known Voltzite infrastructure performing extensive reconnaissance and potential exploitation attempts against the external network perimeter of an African electricity grid operator,” a spokesperson for Dragos says. “The investigation shows that the adversary was probably interested in the target’s geographic information system (GIS) data.”

GIS tools, among other things, can be used to control clusters of Internet of Things (IoT) devices in industrial environments by mapping components and assembling workflows appropriately.

Dragos’ spokesperson adds: “We cannot comment on the intentions of the adversary, as only he knows his intentions; however, targeting the electricity sector and interest in GIS data is strongly in line with Voltzite’s operations in the United States.”

In addition to these attacks, Dragos researchers also observed possible exploitation attempts in November against an African electricity transmission, distribution and retail entity.

China’s digital Silk Road amplifies geopolitical tensions

Such attempted inroads are likely driven by concerns over China’s “Digital Silk Road” initiative, which refers to the country’s massive investments in technology across the continent.

The country’s tech giants are building everything from telecommunications networks to IoT sensor networks to ostensibly modernize city infrastructure. But while African nations see the initiative as a faster, less expensive and more necessary path to modernity and economic development, critics see a brazen form of digital colonialism in which China is gaining a hard-to-remove foothold in the region.

Last year, US lawmakers drafted a resolution criticizing the government of South Africa for being a little too friendly with Beijing. They cited China’s deep involvement in efforts such as installing surveillance cameras across Johannesburg (the superficial claim is that the cameras are to reduce crime; lawmakers said they suspect the real goal is espionage). But the concerns have a military overtone: The resolution came after the country conducted naval exercises with China and Russia, and China may be concerned about potential military interference by the United States.

“The overlaps of OT cybersecurity threats with regional and global kinetic events have never been more evident than in 2023,” according to Dragos’ annual OT security report, released last week. “Geopolitical tensions around the world, including in Asia and Africa, have also driven intelligence gathering activity and organization of capabilities.”
