VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems
ID: 52e28dca-5b96-5e88-930e-0f253d897b15
STIX ID: report--52e28dca-5b96-5e88-930e-0f253d897b15
Feed Name: Dragos Blog
VOLTZITE is an active espionage threat group observed targeting U.S. and international critical infrastructure (electric utilities, emergency management, telecommunications, satellite services, and defense) since 2023. Dragos reports that the group uses living-off-the-land techniques, web shells, and FRP (fast reverse proxy) for C2, often routing traffic through compromised SOHO devices or leased VPSs; exhibits strong operational security and long dwell times; and overlaps with several known threat clusters. Dragos provides IOCs and detection recommendations via its public intelligence brief.
