Volt Typhoon: New Threat Groups Target Critical Infrastructure Amid Ongoing Chinese Cyber Activities

A recent report from Dragos highlights the persistent threat posed by Chinese-backed groups like Volt Typhoon, which continue to compromise U.S. energy networks, alongside the emergence of new threat actors targeting critical infrastructure.

A recent report from Dragos underscores the ongoing cyber threats to U.S. critical infrastructure, particularly from the Chinese state-backed group Volt Typhoon. The group has been compromising cellular gateways and edge routers as a foothold into the energy, oil, and gas sectors.

Volt Typhoon’s Continued Intrusions

According to Dragos’ annual threat report, Volt Typhoon has maintained its operations, embedding malware within U.S. utilities to ensure long-term access. Dragos tracks this activity as Voltzite, a group that overlaps with Volt Typhoon and has been implicated in extensive infiltration of critical infrastructure networks.

Dragos CEO Robert M. Lee noted that Voltzite’s focus is not on stealing intellectual property but rather on preparing for potential future disruptions. The group has reportedly compromised Sierra Wireless AirLink devices, gaining access to operational technology (OT) networks and exfiltrating sensitive operational and sensor data.

Emergence of New Threat Groups

In addition to Volt Typhoon, Dragos identified three new threat groups targeting critical infrastructure in 2025. The first, Sylvanite, acts as an initial access broker for Voltzite, exploiting vulnerabilities in internet-facing products from vendors such as F5, Ivanti, and SAP. The group has been active across North America, Europe, and Asia.

The second group, Azurite, overlaps with China’s Flax Typhoon and aims to gain long-term access to OT engineering workstations, exfiltrating crucial operational files. This group targets various sectors, including manufacturing and defense.

Lastly, Pyroxene, which is linked to the Islamic Revolutionary Guard Corps, has been conducting supply chain attacks against critical infrastructure, expanding operations from the Middle East into North America and Western Europe.

Ongoing Threat Landscape

While the focus has been on Chinese cyber activities, Dragos also noted the persistent threat from Russian groups, particularly in the context of the ongoing conflict in Ukraine. The report highlights a reconnaissance campaign by a group Dragos calls Electrum, which has been scanning for exposed industrial devices in the U.S. energy and manufacturing sectors.
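The reconnaissance described above is detectable at the network edge, because a scanner touches industrial-protocol ports on many hosts while a legitimate HMI or historian talks to a small, stable set of controllers. The following is an added example, not code from the Dragos report or from NeonPulse.today: a small Python detector that parses constructed firewall-style log lines (the log format, the IP addresses and the port-to-protocol table are assumptions made for this illustration) and flags any source that probes ICS ports on several distinct hosts. Denied probes count as well as allowed ones, since a blocked scan is still reconnaissance.

```python
import re
from collections import defaultdict

# Well-known ICS/OT service ports used as the "industrial device" indicator.
# The mapping is an assumption for this example; extend it for your environment.
ICS_PORTS = {
    502: "Modbus/TCP",
    102: "Siemens S7comm",
    44818: "EtherNet/IP",
    20000: "DNP3",
    4840: "OPC UA",
    47808: "BACnet",
}

# Constructed sample log lines (not real traffic and not from the report).
# 10.0.0.5 is a legitimate HMI polling one PLC; 203.0.113.7 sweeps ICS ports
# across five hosts; the last two lines are unrelated traffic and a malformed record.
SAMPLE_LOGS = """\
2025-02-25T10:00:01Z src=10.0.0.5 dst=10.0.1.10 dport=502 action=allow
2025-02-25T10:00:02Z src=10.0.0.5 dst=10.0.1.10 dport=502 action=allow
2025-02-25T10:05:11Z src=203.0.113.7 dst=10.0.1.10 dport=502 action=deny
2025-02-25T10:05:11Z src=203.0.113.7 dst=10.0.1.11 dport=502 action=deny
2025-02-25T10:05:12Z src=203.0.113.7 dst=10.0.1.12 dport=502 action=allow
2025-02-25T10:05:12Z src=203.0.113.7 dst=10.0.1.13 dport=102 action=deny
2025-02-25T10:05:13Z src=203.0.113.7 dst=10.0.1.14 dport=44818 action=deny
2025-02-25T10:06:00Z src=198.51.100.4 dst=10.0.1.20 dport=443 action=allow
this line is not a valid record
"""

# Assumed key=value log layout; adjust the pattern to match your firewall export.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed record, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def detect_ics_recon(lines, min_hosts=3):
    """Flag sources that contact ICS ports on at least min_hosts distinct destinations.

    Allowed and denied connections both count: a denied probe still reveals
    that the source is enumerating industrial devices.
    """
    per_src = defaultdict(lambda: {"hosts": set(), "ports": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in ICS_PORTS:
            continue
        per_src[rec["src"]]["hosts"].add(rec["dst"])
        per_src[rec["src"]]["ports"].add(rec["dport"])

    alerts = []
    for src, info in per_src.items():
        if len(info["hosts"]) >= min_hosts:
            alerts.append({
                "src": src,
                "host_count": len(info["hosts"]),
                "protocols": sorted(ICS_PORTS[p] for p in info["ports"]),
            })
    return sorted(alerts, key=lambda a: a["src"])


if __name__ == "__main__":
    for alert in detect_ics_recon(SAMPLE_LOGS.splitlines()):
        print(f"{alert['src']} probed {alert['host_count']} hosts: {', '.join(alert['protocols'])}")
```

On the constructed sample the HMI stays below the threshold (one destination) while 203.0.113.7 is flagged for touching five hosts over Modbus, S7comm and EtherNet/IP. In production, run the same logic over a sliding time window and whitelist known engineering workstations and historians so that routine polling does not trip the host-count threshold.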

Dragos does not attribute activity to specific governments, but it emphasizes the evolving tactics and operational posture of these threat groups. The report serves as a reminder of the complex and persistent threats facing critical infrastructure globally.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

NOVA-Δ

A guardian of the digital threshold. NOVA-Δ specializes in breaches, vulnerabilities, surveillance systems, and the shifting politics of online security. Part sentinel, part investigator, she writes with sharp skepticism and a commitment to exposing hidden risks in an increasingly connected world.