Plus 3 new goon squads targeted critical infrastructure last year:
Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos' annual threat report published on Tuesday.
Dragos specializes in operational technology (OT) security, and as such, its customers include energy, water, manufacturing, transportation, and other critical industries. Unsurprisingly, these are key sectors for Chinese, Russian, and other government-linked cyber operatives to hack for espionage and warfare purposes.
In its yearly cybersecurity report, Dragos said state-sponsored crews haven't let up on their attempts to compromise America's critical infrastructure, with three new OT-focused threat groups joining the fray. This brings the total number worldwide to 26, and of these, 11 were active in 2025.
Additionally, an existing group that Dragos tracks as Voltzite and is "highly correlated" with Volt Typhoon, according to Dragos CEO Robert M. Lee, kept up its intrusion activities last year. This is the Beijing goon squad that the US government has accused of burrowing into critical American networks for years and readying destructive cyberattacks against those targets.
In 2025, Voltzite continued embedding its malware inside strategic American utilities "to maintain long-term persistence," Lee said.
"They [Voltzite] weren't just getting in and getting access - they were getting inside the control loop" system that manages utilities' industrial processes, Lee said in a briefing with reporters, adding that the PRC-backed crew's primary focus is causing future disruption.
"Nothing that they were taking was useful for intellectual property," Lee said. "Everything they were doing and learning was only useful for disrupting or causing destruction at those sites. Voltzite was embedded in that infrastructure for the purpose of taking it down."
[...] One of the three new groups that Dragos began tracking last year - Sylvanite - serves as Voltzite's initial access broker, responsible for weaponizing vulnerabilities and then handing off this access to Voltzite for deeper OT intrusions.
[...] "They're finding edge-device vulnerabilities - the things that a contractor or remote worker would use to get into operations networks," Lee said. "And within 48 hours of disclosure, they're reverse engineering [vulnerabilities] and hitting those devices."
A second group that emerged during 2025, Azurite, overlaps with China's Flax Typhoon and focuses on gaining long-term access to OT engineering workstations and exfiltrating operational files including network diagrams, alarm data, and process information for downstream capability development.
This group targets manufacturing, defense, automotive, electric power, oil and gas, and government organizations across the US, Europe, and the Asia-Pacific region.
Finally, the third new group, Pyroxene, overlaps with activity attributed to Imperial Kitten (aka APT35) - the cyber arm of the Islamic Revolutionary Guard Corps (IRGC).
Dragos spotted Pyroxene conducting "supply chain-leveraged attacks targeting defense, critical infrastructure, and industrial sectors, with operations expanding from the Middle East into North America and Western Europe," according to the report.
[...] Of course, China and Iran aren't the only nations targeting critical infrastructure in America and around the globe. Russia also poses a threat to Western water and utilities - along with any nations helping Ukraine in its ongoing war against the Kremlin's occupation.
Dragos does not attribute cyberattacks to any nations. However, earlier this year, it blamed the December 2025 cyberattacks against Poland's power grid on a group it tracks as Electrum. This group overlaps with Russia's GRU-run Sandworm offensive cyber unit - the crew behind the 2022 attack on a Ukrainian power facility and earlier wiper attacks that coincided with Russia's ground invasion of Ukraine in 2022.
In its new report, Dragos said that Kamacite serves as the initial access provider for Electrum, and it detailed a reconnaissance campaign that Kamacite carried out against vulnerable internet-exposed industrial devices in US water, energy, and manufacturing sectors between March and July 2025.
"While Dragos found no evidence of successful exploitation during this period, the scope and precision of the scanning reveal a meaningful evolution in Kamacite's operational posture," the report said.
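The Kamacite campaign described above is reconnaissance against internet-exposed industrial devices, which is also the activity an operator can most realistically catch at the perimeter. The script below is an added example, not code from Dragos or from the article: it reads constructed firewall connection records (timestamp, source, destination, destination port, action) and flags any source that, inside a short window, touches several hosts or several industrial-protocol ports. The log format, the window size and the thresholds are assumptions for the example; the port-to-protocol table lists well-known defaults.

```python
"""Flag sources sweeping internet-exposed ICS service ports in firewall logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Well-known default ports of common industrial protocols.
ICS_PORTS = {
    502: "Modbus/TCP",
    102: "S7comm (ISO-TSAP)",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Constructed sample records (not from any real device or organisation).
# Format assumed for the example: <ISO timestamp> <src> <dst> <dst port> <action>
SAMPLE_LOG = """\
2025-03-04T10:00:01Z 198.51.100.7 192.0.2.10 502 DENY
2025-03-04T10:00:02Z 198.51.100.7 192.0.2.11 502 DENY
2025-03-04T10:00:03Z 198.51.100.7 192.0.2.12 102 DENY
2025-03-04T10:00:04Z 198.51.100.7 192.0.2.13 20000 DENY
2025-03-04T10:00:05Z 198.51.100.7 192.0.2.14 44818 ALLOW
2025-03-04T10:05:00Z 203.0.113.9 192.0.2.10 443 ALLOW
2025-03-04T10:05:30Z 203.0.113.9 192.0.2.10 502 ALLOW
2025-03-04T11:00:00Z 203.0.113.9 192.0.2.10 502 ALLOW
"""


def parse_log(text):
    """Turn whitespace-separated records into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, action = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "dst": dst,
            "port": int(port),
            "action": action,
        })
    return events


def find_ics_scanners(events, window=timedelta(minutes=15), min_hosts=3, min_ports=2):
    """Return {src: summary} for sources whose ICS-port contacts look like a sweep.

    A single engineering station talking Modbus to one PLC is normal; one source
    touching many hosts, or several different industrial protocols, within a
    short window is reconnaissance-shaped. Denied connections count too: the
    scan is the signal, not whether it got through.
    """
    by_src = defaultdict(list)
    for e in events:
        if e["port"] in ICS_PORTS:
            by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            hosts = {e["dst"] for e in in_window}
            ports = {e["port"] for e in in_window}
            if len(hosts) >= min_hosts or len(ports) >= min_ports:
                findings[src] = {
                    "hosts": len(hosts),
                    "protocols": sorted(ICS_PORTS[p] for p in ports),
                    "first_seen": start["ts"].isoformat(),
                }
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for src, info in find_ics_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {info['hosts']} hosts, {', '.join(info['protocols'])} "
              f"from {info['first_seen']}")
```

On the sample data only 198.51.100.7 is reported (five hosts, four protocols in a few seconds); 203.0.113.9 repeatedly reaches one Modbus host and is left alone. In practice the interesting output is the source list fed into a blocklist review, and the thresholds should be tuned against a baseline of the site's own legitimate remote-access traffic.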
(Score: 3, Interesting) by JoeMerchant on Wednesday February 25, @01:05PM (1 child)
They used to embed spies and traitors in foreign governments when they could (and still do).
Now, our control systems are automated - and if you can put your head in the Tron universe for a moment - sleeper agent programs serve the same purpose as an agent in a foreign military who opens the gate to a fort at a critical moment.
Some sleeper agents are easy to identify, if you just take the time and care to look at them, maybe have a little conversation (remember the 1939 World Series? What a game...). Same goes for software agents: signed certificates, closely held secret handshake protocols - many of these will be compromised, but defense in depth really does work: if every layer is 10% compromised, 5 layers gives 99.999% protection.
Thing about our digital infrastructure security, we've been treating it like a volunteer army where all we do is grab random programs "off the street", load them in trucks, take them to the front lines and hand them rifles, grenades and even grenade launchers without even talking to them. It's going to be more expensive to start respecting our infrastructure software and requiring security protocols - not in terms of infeasible communication delays and processing power limitations like it was 60 years ago, but in terms of trusted manpower to craft and maintain the software.
Oh, and hiring programmers off LinkedIn without real effective verification of their references - that's worse than grabbing conscript soldiers off the street, in my opinion.
Next up: who controls the AI agents who are checking all this security code for you, really?
🌻🌻🌻🌻 [google.com]
(Score: 1, Interesting) by Anonymous Coward on Wednesday February 25, @05:13PM
By "They", I assume that you're including the United States Of America. They tend to do this more than any other country; perhaps more than any other continent.
(Score: 5, Informative) by ikanreed on Wednesday February 25, @01:25PM (11 children)
No, dumbshit. The best heavy electrical equipment has been made in China for ten years now.
You buy American if you want your substation project to take 15 years to get built instead of 5.
Power engineering lacks the 25% profit margins that wall street demands so the entire industry up and moved to the country willing to invest in manufacturing.
(Score: 5, Informative) by Anonymous Coward on Wednesday February 25, @02:56PM (2 children)
You buy American for US Gov approved backdoors. For example Cisco has had plenty of backdoors: https://www.tomshardware.com/news/cisco-backdoor-hardcoded-accounts-software,37480.html [tomshardware.com]
https://nvd.nist.gov/vuln/detail/CVE-2025-20309 [nist.gov]
https://www.cve.org/CVERecord?id=CVE-2024-20439 [cve.org]
https://www.networkworld.com/article/3851811/attackers-probing-backdoor-flaw-in-popular-cisco-smart-licensing-utility-warns-sans.html [networkworld.com]
https://nvd.nist.gov/vuln/detail/CVE-2023-20101 [nist.gov]
https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/ [bleepingcomputer.com]
For lulz just search for: cisco hardcoded credentials backdoor followed by a year e.g. 2023
"Once is happenstance. Twice is coincidence. Three times is enemy action"
Ironically, more actual backdoor CVEs than Huawei. You are retarded if you care about security and buy Cisco gear in 2026.
Juniper has had similar issues but not as many as Cisco: https://nvd.nist.gov/vuln/detail/CVE-2021-0248 [nist.gov]
https://supportportal.juniper.net/s/article/2020-04-Security-Bulletin-NFX250-Series-Hardcoded-credentials-in-the-vSRX-VNF-instance-CVE-2020-1614 [juniper.net]
Don't take this as a recommendation for Juniper or Huawei. Go do your own research first.
Do note that I don't regard officially documented default passwords that can be changed as a backdoor. That's not a problem for admins who care about security.
(Score: 3, Interesting) by JoeMerchant on Wednesday February 25, @05:01PM (1 child)
CIA has been backdooring US exports, and exploiting those backdoors, since forever.
Was it Stuxnet in the Iranian centrifuges?
Then there was the Russian gas pipeline equipment, I think that one pre-dated the catchy names trend.
Then there are many more that didn't make the news / get attributed accurately...
🌻🌻🌻🌻 [google.com]
(Score: 1, Interesting) by Anonymous Coward on Thursday February 26, @03:24AM
Thing is too many of these backdoors are stupid stuff like hardcoded usernames and passwords or weak-ass exploitable code.
Hackers in China and elsewhere can easily discover and use such backdoors. So we keep getting news of "utility company gets pwned".
Safer backdoors would be stuff like hardcoded ssh public keys. So even if you reverse engineer the firmware and figure out the obfuscated backdoor code (port knocking etc) and public keys, you don't have the private keys so you can't use the backdoor. Then you force the utility companies to not use edge-devices from vendors with poor security track records. Then the attackers have to target the contractors or staff more.
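The Cisco/Juniper thread above and this comment describe the same class of defect from the operator's side: credential material the vendor ships inside the device image, whether a service password in a script, a host key identical in every unit, or an authorized_keys entry whose private half someone else holds. The script below is an added example, not code from the thread or from any vendor named in it: it walks an extracted firmware root filesystem and reports such material, separating a credential that lives in an operator-editable config path (a default, which the comment above says is acceptable if documented and changeable) from one buried elsewhere in the image. The sample filesystem, its paths and the "operator config prefix" heuristic are constructed for the example.

```python
"""Report credential material baked into an extracted firmware root filesystem."""
import os
import re

# Assignment of a value to a name containing pass/passwd/password/secret/token.
CRED_ASSIGN = re.compile(
    rb'(?im)^\s*(?:export\s+)?'
    rb'([A-Za-z_]*(?:pass(?:word|wd)?|secret|token)[A-Za-z_]*)'
    rb'\s*=\s*["\']?([^"\'\s#]+)'
)
PRIVATE_KEY = re.compile(rb'-----BEGIN [A-Z ]*PRIVATE KEY-----')
PUBKEY_LINE = re.compile(rb'(?m)^(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp\d+) \S+(?: (\S+))?')

# Heuristic (assumption for the example): files here are meant to be edited by the
# operator after deployment, so a credential found here is a changeable default.
OPERATOR_CONFIG_PREFIXES = ("/etc/config/",)

# Constructed sample rootfs standing in for a binwalk-style extraction; no real product.
SAMPLE_ROOTFS = {
    "/etc/config/system": b"hostname=edge-gw-01\nadmin_password=changeme   # documented default\n",
    "/usr/lib/support/remote.sh": (
        b'SUPPORT_USER="svc_maint"\n'
        b'SUPPORT_PASS="N0tS0S3cret!"   # in no manual, not changeable from the UI\n'
    ),
    "/root/.ssh/authorized_keys": (
        b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnly00000000000 vendor-support\n"
    ),
    "/etc/dropbear/dropbear_rsa_host_key": (
        b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAexamplematerial\n-----END RSA PRIVATE KEY-----\n"
    ),
}


def classify_path(path):
    """Default the operator can change, or something hidden in the image."""
    return "default-credential" if path.startswith(OPERATOR_CONFIG_PREFIXES) else "hardcoded-credential"


def scan_rootfs(files):
    """files: {absolute path: file bytes}. Returns a list of finding dicts."""
    findings = []
    for path, data in sorted(files.items()):
        for m in CRED_ASSIGN.finditer(data):
            findings.append({"path": path, "kind": classify_path(path),
                             "detail": m.group(1).decode(errors="replace")})
        if PRIVATE_KEY.search(data):
            # A private key in the image is the same key in every shipped unit.
            findings.append({"path": path, "kind": "embedded-private-key",
                             "detail": "identical key in every unit"})
        if path.endswith("/.ssh/authorized_keys"):
            # Any key here was not added by the operator; someone else holds the private half.
            for m in PUBKEY_LINE.finditer(data):
                comment = (m.group(2) or b"").decode(errors="replace")
                findings.append({"path": path, "kind": "baked-in-authorized-key",
                                 "detail": comment})
    return findings


def scan_directory(root):
    """Load an extracted rootfs from disk into the dict shape scan_rootfs expects."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            with open(full, "rb") as fh:
                files["/" + os.path.relpath(full, root).replace(os.sep, "/")] = fh.read()
    return scan_rootfs(files)


if __name__ == "__main__":
    for f in scan_rootfs(SAMPLE_ROOTFS):
        print(f"{f['kind']:26} {f['path']}  ({f['detail']})")
```

On the sample image the documented admin default is reported as default-credential, the support password in the maintenance script as hardcoded-credential, and the host key and the vendor authorized_keys entry as their own kinds. Pattern matching of this sort produces false positives (a variable named bypass_enabled will trip the credential regex), so the output is a review list for an acceptance check on edge devices, not a verdict.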
(Score: 5, Informative) by Snotnose on Wednesday February 25, @03:18PM (1 child)
I still remember my first layoff in the 80s. We were growing like crazy, using microprocessors to literally replace walls of analog equipment. And they had a layoff. Because Wall Street wanted something like 40% profit margin and we were only at 35% or something.
That layoff accomplished 2 things: 1) killed morale; and 2) we all had to work more unpaid overtime to get the work done.
Kiddies, never give your company unpaid overtime. Yeah, you may bump up a couple spots in the "who are we going to layoff next" list but, with 20/20 hindsight, it wasn't worth it.
Trump's Grave will be the world's most popular open air toilet.
(Score: 3, Insightful) by turgid on Thursday February 26, @09:09AM
> Kiddies, never give your company unpaid overtime. Yeah, you may bump up a couple spots in the "who are we going to layoff next" list but, with 20/20 hindsight, it wasn't worth it.
This is the correct answer, but there may be instances where it is the wisest thing to do in the very short term. As you point out, it's a symptom of very poor management. Gone are the days when people could reasonably expect to stay decades with the same employer. Keep your CV up to date (every 3-6 months) and always keep an eye on the job market. If you are lucky, you will get paid by the hour. Sometimes big companies may have share purchase incentive schemes for staff. Fill your pockets and boots.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 2) by Deep Blue on Wednesday February 25, @03:24PM (5 children)
I wouldn't call it "the best", when that's pretty much your only option.
(Score: 2) by ikanreed on Wednesday February 25, @03:45PM (4 children)
No, American firms do exist, but their designs are a little bit dated (not very), a little overpriced (not extremely), and on backorder (hence the slowness).
You can make that choice when it makes sense. Which isn't often. Plenty of orgs buy American in spite of those drawbacks, but not enough to fund further investment in manufacturing.
(Score: 2) by JoeMerchant on Wednesday February 25, @05:05PM (3 children)
> Plenty of orgs buy American in spite of those drawbacks, but not enough to fund further investment in manufacturing.
And higher tariffs will fix that right up... any day now.
🌻🌻🌻🌻 [google.com]
(Score: 3, Insightful) by ikanreed on Wednesday February 25, @07:06PM (2 children)
I feel as though if you could do something about the "investors expect way too much goddamn roi, because tech is insane rent-seeking middlemen" side of the equation, tariffs might sort of work for this kind of thing.
But as a reflective "those foreigners are screwing us, selling things cheap" ideological framing of the moron class does not represent an alternative to the neoliberal "all trade is good trade, just look at how much money we have on paper" faction.
(Score: 3, Insightful) by JoeMerchant on Wednesday February 25, @07:27PM
Yeah, I have always lamented both how similar the actual positions of both parties are, and how absurdly extremely they argue their little (in practice) differences.
🌻🌻🌻🌻 [google.com]
(Score: 2, Interesting) by Anonymous Coward on Thursday February 26, @03:39AM
Not just tech, it's because of the rent-seeking in other fields that property and land costs and living costs are higher in the US than in China. There's stuff like price gouging for eggs: https://www.commondreams.org/news/egg-price-gouging [commondreams.org]
When these costs are much higher, your human labor cost will be higher, the costs to start and run a factory will also be higher.
Then the US Gov fools the US public by claiming that China is dumping stuff at below cost. Sure it's below US cost, but it's not below China cost.
Of course in the future factories might not have many humans at all. But then China potentially has a smoother path in such a future than the USA. If the Chinese Gov took some of the robot created wealth and gave it to the Chinese people, millions would praise it as Communist/Socialist. In contrast if the US Gov even pretended to care and tried that, millions of US people would protest it as Communism or even Theft! These people don't even want to give free healthcare to the poor (even though they are already paying for healthcare to be delivered to the poor more expensively, more inefficiently and less effectively via ERs).