Security Bulletins | Risk | Visibility | February 15, 2024
ORDR Security Bulletin - Volt Typhoon
Volt Typhoon is a serious threat to critical infrastructure operators: it exploits vulnerabilities in SOHO routers to establish persistent access across the communications, energy, and water sectors. This bulletin details the attack methodology, the affected devices, and the essential mitigation strategies for protecting your operational technology environment from nation-state level exploitation.
What you'll learn
- Identify SOHO routers and internet-facing devices in your OT environment vulnerable to Volt Typhoon tactics
- Implement network segmentation and access controls to prevent lateral movement from compromised edge devices
- Monitor for indicators of compromise and establish detection rules for Volt Typhoon command-and-control communications
Frequently asked questions
- What is Volt Typhoon and which critical infrastructure sectors does it target?
- Volt Typhoon is a nation-state level threat actor that exploits SOHO router vulnerabilities to establish persistent access across the communications, energy, and water sectors. ORDR's security bulletin details the specific attack methodology and the affected devices so that operators can identify and remediate vulnerable assets in their OT environments.
- How does Volt Typhoon move laterally through OT networks after initial compromise?
- After compromising internet-facing SOHO routers, Volt Typhoon uses these edge devices as entry points for lateral movement into operational technology networks. ORDR recommends network segmentation and strict access controls so that an attacker who holds a compromised edge device cannot move beyond the perimeter to reach critical systems.
- What detection and monitoring strategies are most effective against Volt Typhoon?
- ORDR's approach emphasizes monitoring for indicators of compromise and establishing detection rules specifically for Volt Typhoon command-and-control communications. Combined with visibility into every connected device in your OT environment, these detection capabilities enable rapid response to active threats before they establish persistence.
This resource is published by ORDR, the connected asset security company. ORDR delivers AI-powered visibility, risk assessment, and automated protection for IoT, OT, and IoMT devices across healthcare, manufacturing, government, and financial environments.