The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa.

Geothermal power plant in Menengai Crater, Nakuru, Kenya, East Africa
Source: Jacek Sopotnicki via Alamy Stock Photo

"Voltzite," the operational technology (OT)-focused unit within China's Volt Typhoon advanced persistent threat (APT), is targeting electric transmission and distribution organizations in African nations — likely with a similar motivation to its activity in the US.

Volt Typhoon has famously continued to perform reconnaissance and enumeration of multiple US-based critical infrastructure targets, essentially "pre-staging" disruptive capabilities meant to sow chaos and make it more difficult to communicate and move materials if kinetic turmoil erupts in the South China Sea over Taiwan or trade concerns.

Specifically, OT security specialist Dragos said last week that Voltzite has been "knocking on the door" of compromising physical industrial control systems (ICSes) at electric-sector targets in the US, and tells Dark Reading that the same MO is playing out in Africa.

"During July and August 2023, Dragos observed known Voltzite infrastructure performing extensive reconnaissance and potential exploitation attempts against an African electric network operator's external network perimeter," a Dragos spokesperson says. "From the investigation, it is assessed that the adversary was likely interested in the target's geographic information systems (GIS) data."

GIS tools, among other things, can be used to control clusters of Internet-of-things (IoT) devices in industrial settings by mapping components and assembling workflows appropriately.

The Dragos spokesperson adds, "We cannot comment on the intent of the adversary, as only the adversary knows their intent — however, targeting of the electric sector and interest in GIS data is heavily in alignment with Voltzite's operations within the United States."

In addition to those attacks, Dragos researchers also observed possible exploitation attempts in November against an African electric transmission, distribution, and retailer entity.

China's Digital Silk Road Amplifies Geopolitical Tensions

Such incursion attempts are likely driven by concerns around China's "Digital Silk Road" initiative, which refers to the country's heavy investment in technology across the continent.

The country's tech giants are building everything from telecommunications networks to IoT sensor meshes for ostensibly modernizing city infrastructure. But while African nations see the initiative as a quicker, less-expensive, and much-needed path to modernity and economic development, critics see a brash form of digital colonialism, wherein China is gaining a difficult-to-dislodge foothold in the region.

Last year, US lawmakers drafted a resolution criticizing South Africa’s government for being a little too cozy with Beijing. They cited the deep involvement China has in efforts such as installing surveillance cameras across Johannesburg (the surface claim is that the cameras are for crime reduction; lawmakers have said they suspect espionage capability to be the real goal). But the concerns have a military tinge: The resolution came after the country conducted naval exercises with China and Russia, and China could be concerned with potential military meddling by the United States.

"The overlaps of OT cybersecurity threats with regional and global kinetic events have never been more evident than in 2023," according to Dragos' annual OT security report, released last week. "Geopolitical tensions worldwide, including in Asia and Africa, have also driven intelligence gathering and capability-staging activity."

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.
