Chinese hackers linked to the notorious Volt Typhoon cyberespionage campaign infiltrated the systems of a major utility company in Littleton, Massachusetts, and remained inside for nearly a year, according to a report published by cybersecurity firm Dragos.
The breach is believed to be part of a broader cyberespionage effort by China’s government targeting US critical infrastructure.
The Littleton Electric Light & Water Department discovered the breach just before Thanksgiving in 2023. David Ketchen, the utility’s assistant general manager, received an alarming call from the FBI on a Friday afternoon alerting him to the suspected compromise. The following Monday, FBI agents, along with representatives from the Cybersecurity and Infrastructure Security Agency (CISA), arrived on-site to assist with the investigation.
The attack, which had been ongoing since February 2023, was traced back to Volt Typhoon, a hacking group reportedly backed by the Chinese government. While the breach did not appear to compromise any customer-sensitive data, Dragos confirmed that the hackers moved laterally within the systems and attempted to exfiltrate data.
The Volt Typhoon campaign targeting US critical infrastructure came to light in May 2023, after Microsoft linked the group to a series of espionage operations targeting US critical sectors.
Dragos, which tracks Volt Typhoon under the name Voltzite, reported last year that the group had been collecting sensitive operational technology (OT) data from compromised organizations.