Dragos' 2025 report warns that three new OT-focused threat groups emerged while a Beijing-linked crew continued compromising cellular gateways, routers, and US electric, oil, and gas networks. The report details Voltzite's long-term embedding in utility control systems, its use of compromised Sierra Wireless AirLink devices and the JDY botnet, and the roles of Sylvanite, Azurite, Pyroxene, Electrum, and Kamacite in expanded supply-chain and reconnaissance activity. #Voltzite #VoltTyphoon
Key points
- Dragos identified three new OT-focused threat groups in 2025, bringing the total it tracks worldwide to 26, of which 11 are active.
- Voltzite (linked to Volt Typhoon) embedded malware inside utility control systems to maintain persistence and enable disruptive operations.
- Voltzite used compromised Sierra Wireless AirLink devices and the JDY botnet to reach OT networks and to scan VPN endpoints and public IP ranges.
- Sylvanite functions as an initial access broker exploiting F5, Ivanti, and SAP vulnerabilities to hand off access for deeper OT intrusions.
- Azurite and Pyroxene expanded long-term access and supply-chain attacks, while Russian-linked Electrum and Kamacite carried out precise reconnaissance against industrial devices.
Read More: https://www.theregister.com/2026/02/17/volt_typhoon_dragos/