A new study into a cyberattack at the Littleton Electric Light and Water Departments (LELWD), a public power utility in Massachusetts serving Littleton and Boxborough, has revealed the threat actor behind the attack. The malicious activity has been attributed to Chinese threat actor Volt Typhoon.
The study, published by cybersecurity firm Dragos, claims that while the LELWD breach was discovered in November 2023, the hackers had been in the organisation’s network since at least February 2023, for over 300 days in total. The group’s existence came to light in May 2023 when Microsoft caught it targeting US critical infrastructure and linked it to the Chinese government.
In the case of LELWD, the hackers were found collecting data on OT systems, something the group had been doing to hacked organisations for a while. The group is also known for its rampant use of botnets, zero-days, and overall attack sophistication.

With the threat actor’s ability to maintain persistence discovered, Dragos is now looking to extract information on how the group operates, specifically data related to OT operating procedures and any spatial layout data relating to energy grid operations. Dragos believes this information helps the group decide exactly when and where to attack. Additionally, this data might also help determine if they want to use a Stage 2 capability in the future.
In hacking groups that target industry, a Stage 2 capability indicates that the adversary can develop and test attacks on industrial control systems. Dragos tracks several other actors apart from Volt Typhoon who possess such capabilities. While the security firm hasn’t spotted Volt Typhoon, otherwise tracked as Voltzite, attacking ICS systems yet, it could pose a threat in the future.