The FBI and EPA have issued a joint warning regarding a resurgence of “Volt Typhoon,” a China-state-sponsored threat group. The actors have been detected inside the IT networks of multiple US water and wastewater utilities, “pre-positioning” for potential disruptive attacks.
Business Impact
This is a strategic threat to public safety. Unlike ransomware, the goal here is not money but the capability to disrupt critical life-support systems during a geopolitical crisis. Attackers are targeting smaller, under-resourced utilities to gain a foothold.
Why It Happened
Volt Typhoon is using “Living off the Land” (LotL) techniques—using legitimate system tools to blend in—and exploiting weak passwords on internet-facing remote access systems used by facility contractors.
Recommended Executive Action
Utilities must enforce strict MFA on all remote access. Conduct “threat hunting” specifically looking for anomalous usage of standard administrative tools (PowerShell, WMI). Isolate OT (Operational Technology) networks from IT networks entirely.
Hashtags: #VoltTyphoon #China #WaterSecurity #CriticalInfrastructure #EPA #FBI #CyberWarfare #InfoSec