Mar 2025
CYBER
NATION-STATE
Volt Typhoon Dwelled 300 Days in US Electric Grid
A Dragos case study revealed that Chinese state hackers maintained persistent access to a US electric utility for approximately 300 days, collecting OT system data. The compromise affected a Massachusetts-based utility, with the hackers present for roughly 10 months before detection.
Target: US Electric Utility (OT Systems)
Duration: ~300 days undetected
Outcome: Expelled after detection by Dragos
Oct–Dec 2024
CYBER
NATION-STATE
Salt Typhoon Telecom Infiltration
The Chinese state-sponsored group Salt Typhoon compromised at least nine major US telecommunications companies, including Verizon, AT&T, and T-Mobile. Although it targeted telecom, the campaign exposed infrastructure interdependencies: telecom networks are critical for grid SCADA communications and utility coordination.
Target: 9+ US Telecoms
Grid Risk: SCADA comms dependency
Outcome: Treasury sanctions Jan 2025
2024 (Full Year)
CYBER
Utility Cyberattacks Surge 70%
Check Point Research documented 1,162 cyberattacks on US utilities in 2024, a nearly 70% increase from 689 attacks during the same period in 2023. NERC warned that susceptible points on the grid are growing by approximately 60 per day as digital infrastructure expands.
1,162 documented attacks
70% YoY increase
NERC: 60 new vulnerable points/day
Apr 2024
PHYSICAL
Arrest in Pacific NW Substation Attacks
A Washington state man was arrested and charged in connection with the 2022 attacks on Oregon electrical substations. The federal charging document indicated the attack caused more than $100,000 in damage. The attacks were part of a national pattern with possible ties to extremist groups.
Target: Clackamas County substations
Damage: $100K+
Outcome: Federal charges filed
Jan 2024
CYBER
NATION-STATE
DOJ Disrupts Volt Typhoon KV Botnet
The US Department of Justice announced the disruption of a botnet used by Volt Typhoon to conceal hacking of critical infrastructure. The hackers had infected hundreds of privately owned SOHO routers with "KV Botnet" malware to obscure the Chinese origin of their intrusions into US energy and utility networks.
Target: Compromised SOHO routers
Action: Botnet disrupted by FBI
Outcome: Five Eyes joint advisory issued
2023 (Full Year)
PHYSICAL
Physical Grid Attacks Hit Record: 185 Incidents
Power providers reported 185 instances of physical attacks or threats against critical grid infrastructure in 2023, beating the previous record from 2022 and doubling the number of incidents from 2021. DOE data showed 200 instances of vandalism, suspicious activity, sabotage, or physical attacks comprising 58% of all reported incidents.
185 reported incidents
Record high, 2× vs 2021
58% of all grid incidents were physical
May 2023
CYBER
NATION-STATE
Volt Typhoon Campaign Disclosed by Microsoft
Microsoft publicly disclosed the Volt Typhoon campaign, a Chinese state-sponsored hacking operation that had been pre-positioning inside US critical infrastructure including energy, water, and telecommunications. The group used "living off the land" techniques to avoid detection, targeting 23 pipeline operators and multiple electric utilities.
Target: Energy, Water, Telecom, Pipelines
Technique: Living off the land
Intent: Pre-positioning for conflict
Dec 3, 2022
PHYSICAL
Moore County, NC Substation Shooting
Gunfire attacks on two Duke Energy electrical distribution substations in Moore County, North Carolina left up to 45,000 customers without power for several days. One woman died during the outage. The attack exposed critical vulnerabilities in physical grid security and sparked national debate about substation protection. A county-wide curfew and state of emergency were declared.
45,000 customers without power
1 death
Multi-day outage
Curfew & state of emergency
Nov–Dec 2022
PHYSICAL
Pacific Northwest Substation Attack Spree
At least 15 physical attacks hit electrical substations across Oregon and Washington, more than in the prior six years combined. Six confirmed deliberate attacks were documented across Portland General Electric, Bonneville Power Administration, Cowlitz County PUD, and Puget Sound Energy facilities. The FBI warned of neo-Nazi plots to take down the grid. Methods included gunfire, cutting fences, and equipment sabotage.
15+ attacks in Oregon & Washington
Methods: Gunfire, sabotage, fence cutting
FBI offered $50K reward
Feb 2022
PHYSICAL
White Supremacist Grid Attack Conspiracy
Three white supremacists pleaded guilty to a plot to shut down parts of the nation's power system to sow unrest and cause a "race war." Separately, four neo-Nazis in North Carolina were charged with a conspiracy to destroy a critical substation using guns and explosives. These cases revealed organized domestic extremist targeting of grid infrastructure.
Multiple guilty pleas
Target: Critical substations
FBI: Organized extremist plots
May 2021
CYBER
RANSOMWARE
Colonial Pipeline Ransomware Attack
The DarkSide ransomware group shut down the largest fuel pipeline in the US, disrupting gasoline supply across the East Coast. While targeting oil/gas rather than the electric grid directly, this attack became a watershed moment for energy infrastructure cybersecurity, demonstrating how a single ransomware attack could cripple critical energy delivery. It led to major policy shifts, including TSA security directives for pipelines.
5,500-mile pipeline shut down
$4.4M ransom paid (partially recovered)
Outcome: TSA security directives