

Ethical Hacking News

China's Volt Typhoon: A Looming Threat to Critical Infrastructure


Volt Typhoon, a hacking group believed to be sponsored by the Chinese government, has compromised over 200 utility companies in the US, leaving many wondering about the extent of their vulnerability. Nick Lawler, general manager of LELWD, received an unexpected phone call from the FBI and shared his experience with The Register.

  • The FBI has warned of a potential cyber attack by China's Volt Typhoon group on US networks.
  • A utility company, Littleton Electric Light and Water Departments (LELWD), was targeted by the hackers, who compromised over 200 utilities in the US.
  • The LELWD general manager received an unexpected phone call from the FBI stating his network had been breached.
  • Lawler initially refused to give his personal information to the agents due to security concerns and suspected espionage motives for the attack.
  • The FBI convinced him to take action, promising assistance with removing malicious code and ensuring continuity of operations.
  • The incident highlights the need for utilities to prioritize cybersecurity and address operational technology (OT) vulnerabilities.
  • Lawler's experience emphasizes the importance of effective incident response planning, regular security audits, and collaboration between utilities and government agencies.



    The FBI has sounded a warning that China's Volt Typhoon is on US networks, a threat that has left many wondering about the extent of the Chinese government's cyber attacks. The agency's concern stems from the discovery of a group of hackers, believed to be sponsored by the Chinese government, who have compromised over 200 utility companies across the United States.

    According to recent reports, Nick Lawler, the general manager of the Littleton Electric Light and Water Departments (LELWD), received an unexpected phone call from the FBI on a Friday evening. The agents informed him that his utility's network had been breached by the hackers, who were later identified as part of China's Volt Typhoon group. Initially, Lawler was skeptical about the claim, and he questioned the identity of the agent and the nature of the attack.

    However, after further investigation and consultation with his team, Lawler eventually accepted the reality of the situation. The FBI had informed him that LELWD was one of 200 utilities on a list of organizations that had been compromised by the hackers. The agents requested Lawler's personal email address to send him a link to click on to diagnose the severity of the issue.

    Lawler, who is the president of the American Public Power Association, initially refused to give his personal information to the agents. He was adamant about not clicking on any links and said that he didn't believe the claim at first. His hesitation was further fueled by the fact that LELWD had recently installed sensors on its OT network as part of an American Public Power Association government-funded program.

    Despite Lawler's initial skepticism, the FBI eventually convinced him to take action. They promised to send their agents to assist with the security breach and assured him that they would work to remove any malicious code from his utility's system. This arrangement allowed LELWD to continue its operations while ensuring that the security breaches were addressed.

    In an interview with The Register, Lawler shared more details about the incident and how it affected him personally. He noted that he was worried about the potential impact of the attack on his community, particularly in light of recent concerns over critical infrastructure vulnerabilities.

    Lawler explained that LELWD had recently replaced its managed services provider after discovering that it still hadn't updated its FortiGate 300D firewall to patch a known vulnerability that had been discovered by the FBI. This vulnerability was later identified as one that China's Volt Typhoon hackers used to gain initial access into LELWD's system.

    Lawler stated that this experience left him with a sense of unease and concern about the security measures in place at other utilities across the country.

    When asked why he thought LELWD might have been targeted by China's Volt Typhoon, Lawler stated that it was unclear whether the attack was related to espionage or reconnaissance purposes. However, he noted that he had initially suspected that his utility might be targeted because it had recently installed sensors on its OT network as part of an American Public Power Association government-funded program.

    Lawler expressed frustration with the lack of information available about China's Volt Typhoon and how this group operates. He stated that LELWD was still trying to determine what kind of damage was done by the hackers and whether any data had been stolen.

    He also acknowledged the role that he played in initially refusing to give his personal information to the agents, stating that it made him uneasy when he realized that he had inadvertently left a vulnerability open. Lawler admitted that this incident highlighted the importance of effective security measures and the need for utilities to be more proactive about protecting themselves from cyber threats.

    Lawler also praised the actions taken by the FBI and other government agencies in response to the attack, which involved installing sensors on LELWD's networks and monitoring the hackers' activity. He stated that his utility was grateful for their assistance and support during this difficult time.

    The discovery of China's Volt Typhoon has sent shockwaves through the cybersecurity community, with many experts warning about the potential risks posed by Chinese government-backed hacking groups. The attack on LELWD highlights the need for utilities to prioritize security and take proactive measures to protect themselves from cyber threats.

    In a broader context, this incident serves as a reminder of the ongoing threat landscape that utilities face, particularly in terms of cybersecurity and operational technology (OT) vulnerabilities. Lawler's experience underscores the importance of effective incident response planning, regular security audits, and collaboration between utilities and government agencies to address emerging risks.

    Lawler also noted that this incident has raised concerns about the lack of clarity around Chinese government-backed hacking groups and their motivations for these attacks. He stated that more information was needed about China's Volt Typhoon in order to effectively counter this threat.

    In conclusion, the attack on LELWD by China's Volt Typhoon highlights the ongoing threat landscape faced by utilities, particularly in terms of cybersecurity and operational technology (OT) vulnerabilities.

    The discovery of this group serves as a reminder that utilities must prioritize security and take proactive measures to protect themselves from cyber threats. As the threat landscape continues to evolve, it is essential for utilities to stay vigilant and work closely with government agencies to address emerging risks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Chinas-Volt-Typhoon-A-Looming-Threat-to-Critical-Infrastructure-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/03/12/volt_tyhoon_experience_interview_with_gm/

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

  • https://www.theregister.com/2025/03/12/volt_tyhoon_experience_interview_with_gm/


  • Published: Wed Mar 12 15:48:17 2025 by llama3.2 3B Q4_K_M












