Ampyx Cyber warns Volt Typhoon poses strategic threat to electric utilities despite quiet activity, calls for action
ICS/OT cybersecurity consulting firm Ampyx Cyber outlined why Volt Typhoon threats represent a real and present strategic risk to electric utilities, even in the absence of visible disruption, and what executive leadership should do now. As these cyber adversaries embed themselves within U.S. critical infrastructure networks, including electric utilities, their objective is not immediate disruption. Unlike ransomware or other overt attacks, this activity is designed to quietly establish and maintain access using legitimate credentials and administrative tools, preserving the option to trigger disruption at a time of the adversary’s choosing.
“The absence of outages or visible impact should not be interpreted as safety. It reflects a deliberate strategy to remain undetected until access is needed,” Ampyx Cyber wrote in an executive brief titled ‘Volt Typhoon and the Strategic Risk to Electric Utilities,’ published Monday. “This represents a strategic risk, not a technical nuisance. Addressing it requires leadership attention, prioritization, and targeted investment, not panic or wholesale transformation.”
Noting in its 4-page brief that Volt Typhoon hackers do not behave like typical cyber adversaries, Ampyx observed that they avoid malware that security tools are designed to detect; use legitimate user accounts and administrative tools; operate slowly, often over months or years, blending into normal operations; and focus first on enterprise systems rather than operational systems. Government testimony has warned that these actors are ‘positioned to move from IT to OT’ when conditions allow. Enterprise access should therefore be viewed as preparation, not containment.
Read more at Industrial Cyber