The Hunt: Detecting VOLTZITE Threat Group Activity in Critical Infrastructure
ID: 1fdb0ba3-0959-5143-a4e1-8bf69ed906d3
STIX ID: report--1fdb0ba3-0959-5143-a4e1-8bf69ed906d3
Feed Name: Dragos Blog
Dragos OT Watch describes detection and threat-hunting activity against the VOLTZITE (Volt Typhoon) APT targeting ICS/OT environments. It reports observed TLS 1.2 command-and-control communications, exfiltration of GIS server data, SMB traversal, and discovery actions adjacent to OT systems. The blog outlines known TTPs and IOCs, hunting examples, and defensive measures including platform detections and community notification.
