'Voltzite' Zaps African Utilities as Part of Volt Typhoon's Onslaught

"Voltzite," the operational technology (OT)-focused unit within China's Volt Typhoon advanced persistent threat (APT), is targeting electric transmission and distribution organizations in African nations — likely with a similar motivation to its activity in the US.

Volt Typhoon has famously continued to perform reconnaissance and enumeration of multiple US-based critical infrastructure targets, essentially "pre-staging" disruptive capabilities meant to sow chaos and make it more difficult to communicate and move materials if kinetic turmoil erupts in the South China Sea over Taiwan or trade concerns.  

Specifically, OT security specialist Dragos said last week that Voltzite has been "knocking on the door" of compromising physical industrial control systems (ICSes) at electric-sector targets in the US, and tells Dark Reading that the same MO is playing out in Africa.

"During July and August 2023, Dragos observed known Voltzite infrastructure performing extensive reconnaissance and potential exploitation attempts against an African electric network operator's external network perimeter," a Dragos spokesperson says. "From the investigation, it is assessed that the adversary was likely interested in the target's geographic information systems (GIS) data."

GIS tools, among other things, can be used to control clusters of Internet-of-things (IoT) devices in industrial settings by mapping components and assembling workflows appropriately.

The Dragos spokesperson adds, "We cannot comment on the intent of the adversary, as only the adversary knows their intent — however, targeting of the electric sector and interest in GIS data is heavily in alignment with Voltzite's operations within the United States."

In addition to those attacks, Dragos researchers also observed possible exploitation attempts in November against an African electric transmission, distribution, and retailer entity.

China's Digital Silk Road Amplifies Geopolitical Tensions

Such incursion attempts are likely driven by concerns around China's "Digital Silk Road" initiative, which refers to the country's heavy investment in technology across the continent.

The country's tech giants are building everything from telecommunications networks to IoT sensor meshes for ostensibly modernizing city infrastructure. But while African nations see the initiative as a quicker, less-expensive, and much-needed path to modernity and economic development, critics see a brash form of digital colonialism, wherein China is gaining a difficult-to-dislodge foothold in the region.

Last year, US lawmakers drafted a resolution criticizing South Africa’s government for being a little too cozy with Beijing. They cited the deep involvement China has in efforts such as installing surveillance cameras across Johannesburg (the surface claim is that the cameras are for crime reduction; lawmakers have said they suspect espionage capability to be the real goal). But the concerns have a military tinge: The resolution came after the country conducted naval exercises with China and Russia, and China could be concerned with potential military meddling by the United States.

"The overlaps of OT cybersecurity threats with regional and global kinetic events have never been more evident than in 2023," according to Dragos' annual OT security report, released last week. "Geopolitical tensions worldwide, including in Asia and Africa, have also driven intelligence gathering and capability-staging activity."