The Precondition Is Already Sitting on the Internet
Read Dragos's ninth annual OT Cybersecurity Year in Review the way most of the trade press will read it, and the story is VOLTZITE: a Chinese state-linked group, operating inside U.S. midstream pipeline networks, crossing into Stage 2 of the ICS Cyber Kill Chain by pivoting from compromised Sierra Wireless gateways into engineering workstations and asking those workstations, in effect, what it would take to make them stop. That is a real finding, properly sourced, and it deserves the attention it is about to get.
Read the report a second time, against its own vulnerability-research section, and a different argument assembles itself — one Dragos's authors gesture toward but never quite state outright, because it isn't really a Dragos argument. It's an argument that requires holding three separate parts of their report next to each other at the same time: what VOLTZITE has been documented doing, what Dragos itself says a second Stage 2 group named AZURITE is most likely doing it for, and what an entirely unrelated piece of internal Dragos vulnerability research found sitting exposed on the public internet, with no authentication required, at the exact class of facility — grid-scale battery storage and distributed solar inverters — that the United States is racing to build out faster than almost any other category of energy infrastructure.
Put plainly: the report contains, in three separate sections, (1) a documented threat group whose access pattern has moved from watching to probing, (2) Dragos's own moderate-confidence assessment that a second, similarly-postured group is doing this specifically to prepare for offensive operations in the event of geopolitical conflict, and (3) a scan of the open internet showing that the device category best suited to executing exactly that kind of preparation — accessible, capable of physical consequence, requiring no credential to manipulate — is already live, in production, undefended, at meaningful scale. Those are not three unrelated findings filed under "vulnerabilities" and "threat groups" because a report has to be organized somehow. Read together, they describe a precondition that already exists, sitting on the public internet, for an operation that named threat actors have already shown documented intent to prepare.
This is not a claim that VOLTZITE is coming for battery storage specifically. Nobody has been caught touching a SunSpec-exposed inverter. We want to be exactly as careful about that distinction as the source report we are responding to was — more careful, in places, because the argument we are about to make leans harder on synthesis than anything Dragos's own analysts committed to print. But "nobody has been caught yet" is a statement about detection, and the report itself documents, repeatedly, that detection across this entire device category does not currently exist. The absence of an observed intrusion is not reassuring when nobody would notice the intrusion if it happened. That is the argument. We think it deserves to be made plainly rather than left as an implication for a careful reader to assemble on their own.
Start with what Dragos itself already says about intent, because this is the part of the report that should have gotten more attention than it did.
VOLTZITE's headline finding is reconnaissance with a specific, stated objective: Dragos's own language is that the group manipulated industrial software at compromised pipeline facilities explicitly to investigate what would trigger operational processes to stop. That is not generic data theft. That is targeted research into the conditions under which a physical process can be halted — the precise question an operator would need answered before attempting to halt one. Dragos's own kill-chain placement for this activity sits at Stage 2's "Develop" phase, not "Execute ICS Attack." The distinction matters and we are not eliding it. But "Develop" is not "merely watching," either. It is building the specific knowledge a disruption would require, in advance of any decision to attempt one.
Set next to VOLTZITE is AZURITE — a second, newly named Stage 2 group with what Dragos describes as a strikingly similar profile: engineering-workstation access, exfiltration of alarm data and configuration files, demonstrated capability to operate inside OT environments. Dragos is explicit that it has not observed AZURITE manipulating, stopping, or modifying OT-specific software — only identifying and exfiltrating information already present on target systems. And Dragos is equally explicit about what it believes that collection is for. Their own assessment, stated at moderate confidence, is that this activity is highly likely intended to support capability development for the preparation of offensive operations in case of geopolitical conflict.
Read that sentence again, slowly, because it is doing more work than a single line in a 91-page report usually gets credit for. This is not our inference about what AZURITE might be doing. This is Dragos's stated assessment of what AZURITE is doing it for. Two independently tracked groups, with no claimed operational connection to each other, are both — per Dragos's own classification — engaged in the same category of activity: harvesting the specific operational knowledge that precedes disruption, not disruption itself, against U.S. and allied critical infrastructure. Dragos's introduction frames this as a portfolio-level pattern, not a two-group coincidence: multiple threat groups in 2025, independently and across different geopolitical alignments, moved into what the report calls actively mapping control loops — identifying engineering workstations, exfiltrating configuration files and alarm data, and learning how physical processes operate well enough to disrupt them. Dragos's own characterization of what this represents, stated at high confidence, is the removal of the last practical barrier between having access and being able to cause physical consequences — and that these operator teams are being told to prepare to act, not just to maintain options.
That is the intent side of the ledger, and it is documented, not speculative. It is also, notably, not limited to VOLTZITE. KAMACITE — the access-development group that feeds ELECTRUM — spent five months in 2025 running reconnaissance against Schneider Electric drives, Smart HMIs, Accuenergy modules, and Sierra Wireless gateways in a specific sequence that Dragos assesses reflects intent to map entire control loops, not scan isolated devices. No successful exploitation was observed during that window. But the behavior — sequenced, multi-device, control-loop-oriented reconnaissance — is the same behavioral signature showing up a third time, from a third lineage of actors.
And then there is ELECTRUM, where the pattern stops being confined to reconnaissance. In late December 2025, a coordinated cyberattack hit Polish energy infrastructure — combined heat and power facilities and renewable energy generation management systems — with what Dragos describes as deliberate attempts to directly affect operational assets, not merely reconnoiter them. Dragos's attribution to ELECTRUM is moderate confidence and explicitly preliminary; we are not upgrading that confidence level ourselves, and neither should any digest drawn from this piece. But take the attribution as given for a moment and the shape of the finding is the one that should concern any U.S. BESS or distributed-energy operator specifically: a threat group in the same lineage as the ones conducting reconnaissance against U.S. industrial devices has already moved, against a closely adjacent asset class abroad, from mapping to acting.
Now hold that intent picture next to what Dragos's own vulnerability researchers found when they went looking at battery energy storage systems — because this is where the report's own organizational structure obscures its most important finding by filing it under "vulnerability disclosure" instead of "threat landscape."
Following a Department of Energy whitepaper on battery storage risk, Dragos evaluated Nuvation's battery management systems (BMS) and its Multi-Stack Controllers (MSC), and separately ran an internet-wide scan for any device implementing SunSpec, the data-model overlay used across the solar inverter and distributed-energy hardware industry broadly, not just by Nuvation. The Nuvation-specific findings are serious on their own terms: seven CVEs, several with CVSS scores at 9.8 or 9.9, and — this is the detail that did not survive the report's own summary language — the single highest-severity vulnerability in the set, CVE-2025-64123, remains unpatched as of the advisory's last update, despite the Year in Review narrative's characterization that the MSC issues were "since fixed." We are not the first to flag that discrepancy; we flagged it ourselves in our prior coverage of this report, and we are restating it here because it is directly relevant to the argument this editorial is making. A vulnerability the vendor's own advisory still lists as present and impacting the current release is not a closed door. It is an open one with a sign on it that most coverage has read as already shut.
The SunSpec finding is the more structurally important one, and it is the one that connects directly to the intent picture above. Dragos's internet scan found just over one hundred exposed devices implementing SunSpec, including 1MW-class power inverters built to feed power directly into utility grids — several of them apparently live in production, with Dragos reading output directly off the exposed interface in the 500 to 900 kilowatt range. SunSpec-Modbus, as a protocol, permits manipulation without authentication by design. This is not a single vendor's coding error. It is a property of the standard, implemented across an entire hardware category, at a moment when that category — grid-scale battery storage and distributed solar — is being deployed faster than almost any other class of energy infrastructure in the country. Dragos states it has not identified a single device anywhere implementing the SunSpec Alliance's own published security profile, and says plainly that it remains skeptical that profile would meaningfully stop a capable adversary even where adopted.
Sit with what that means operationally, in the specific terms the intent section above already established. The behavioral signature Dragos documents for VOLTZITE, AZURITE, and KAMACITE is: locate internet-facing or OT-adjacent infrastructure, gain access without needing to defeat sophisticated authentication, identify the engineering-level controls governing a physical process, and learn — or simply already possess, depending on the device — the ability to manipulate or halt that process. Against a SunSpec-exposed 1MW inverter, every step in that sequence except the last is already done before an attacker arrives. There is no authentication to defeat. There is no engineering workstation to pivot to and interrogate for "what makes this stop" — the inverter's own management interface answers that question directly, because disconnect is a documented, remotely accessible function, not a manipulation an attacker has to engineer.
This is the precondition we mean. VOLTZITE had to compromise a cellular gateway, pivot laterally, escalate privileges conceptually if not technically, and manipulate engineering software to extract the knowledge of what would stop a pipeline process. None of that staging is required against an unauthenticated SunSpec device. The reconnaissance phase that Dragos documents as the defining activity of 2025's most significant OT threat groups — the phase Dragos itself says exists specifically to prepare for offensive operations in the event of conflict — is, for this entire device category, simply unnecessary. The access and the actionable control are the same step.
We want to be precise about the strength of this claim, because overstating it would be exactly the kind of failure this publication's source-discipline standard exists to catch, and because the source piece we are responding to modeled that discipline carefully enough that we owe it the same treatment here.
We are not asserting that VOLTZITE, AZURITE, KAMACITE, or ELECTRUM have targeted, scanned, or shown any documented interest in Nuvation hardware or SunSpec-compliant inverters specifically. Nothing in Dragos's report supports that claim, and we have found nothing elsewhere that does either. We are not asserting that the December 2025 Polish attack, even taken at Dragos's stated moderate confidence, involved battery storage rather than the CHP and renewable-management systems Dragos actually names. We are not asserting that SunSpec exposure constitutes an active intrusion, a planned one, or evidence that any specific actor is aware these specific 100-plus devices exist.
What we are asserting is narrower and, we think, defensible on the report's own terms: the behavioral pattern Dragos documents — at high confidence, across multiple independently tracked groups, in its own words, in its own report — is reconnaissance specifically aimed at acquiring the operational knowledge needed to disrupt physical processes, undertaken because (per Dragos's own assessment of AZURITE) these groups are preparing for offensive operations in the event of geopolitical conflict. Separately, and via entirely different research, Dragos found that an entire category of energy infrastructure already provides the operational control these groups have shown documented intent to obtain — without requiring any of the reconnaissance, lateral movement, or staging that every one of those documented campaigns required. The first finding establishes the intent is current and demonstrated, not hypothetical. The second establishes that for an entire class of infrastructure, intent is now the only missing ingredient — and exposure of this kind doesn't wait for an adversary to find it on purpose.
This is an editorial judgment built on Dragos's reporting, not Dragos's own conclusion, exactly as our prior coverage of this report's BESS-versus-VOLTZITE prioritization argument was. We are saying so explicitly, the same way, for the same reason: a synthesis this load-bearing should never be allowed to read as though the source did the synthesizing.
The government's own posture on this general category of risk is worth bringing in here, because it shows this argument is not something we invented in isolation — and because being honest about that record means being honest about a real tension inside it, which we think is more useful to name than to smooth over.
The clearest articulation of the "documented intent to prepare for disruption" framing did not originate with Dragos. It came from the U.S. government's own joint advisory process. In February 2024, CISA, the NSA, and the FBI — joined by counterparts in Australia, Canada, New Zealand, and the UK — issued a follow-up advisory to their original May 2023 disclosure on Volt Typhoon's living-off-the-land tradecraft. That original 2023 advisory was narrowly technical: it documented how Volt Typhoon evaded detection using legitimate system tools, without venturing an assessment of strategic intent. The February 2024 follow-up went further, in the agencies' own words: the authoring agencies assess that PRC state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The advisory states this with high confidence, and grounds it in the same kind of behavioral observation Dragos uses for AZURITE and VOLTZITE: Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations. The agencies had, by that point, observed footholds maintained inside victim environments for at least five years, and one confirmed compromise in which Volt Typhoon actors moved laterally to a control system and were positioned to move to a second one.
FBI Director Christopher Wray testified to the House Select Committee on the Chinese Communist Party that same week, and his language was, deliberately, less hedged than the advisory's own: China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities. He flagged 2027 specifically as a year the CCP "has circled on its calendar" — a reference to widely reported PLA modernization timelines tied to Taiwan contingency planning, not a claim original to the FBI. That is intent-framing from the U.S. government, independent of Dragos, describing exactly the category of preparatory access this editorial argues the SunSpec exposure would trivially provide.
Here is the tension we think is more useful to state than to bury: that 2024 framing was the high-water mark of public alarm on this specific point, and the government's most recent public statement on it, as of this writing, is notably softer. DNI Tulsi Gabbard's March 2026 Annual Threat Assessment testimony to the Senate Select Committee on Intelligence does not name Volt Typhoon in its cyber-domain remarks at all, and on the Taiwan question specifically, the assessment states that the IC judges China will likely seek to set the conditions for an eventual peaceful reunification with Taiwan, short of conflict. That is a materially different emphasis than Wray's 2024 testimony, and outside reviewers — the Foundation for Defense of Democracies among them — have already flagged the 2026 assessment as hedging on the most likely Taiwan-crisis scenario rather than committing to a judgment.
We do not think that tension undermines the argument in this piece, and we want to say plainly why rather than simply asserting it. The 2026 ATA's softer language addresses the geopolitical likelihood of conflict — a judgment about Beijing's intentions and strategy that can reasonably shift year to year with diplomatic conditions. It says nothing about whether the pre-positioning access itself has been removed, reduced, or rendered less capable, and nothing in the public record suggests it has. Dragos's own February 2026 reporting — outside the Year in Review document itself — has the company's CEO on record stating that Volt Typhoon-linked footholds remain active inside U.S. utilities, and that some compromised sites likely never will be found. A lower near-term probability of conflict is not the same claim as a smaller or less-prepared set of footholds waiting on the other side of one. If anything, a government assessment that treats conflict as less imminent while the access itself goes unmentioned is a reason for industry-side vigilance to increase, not relax, precisely because the public alarm cycle that drove the 2023 to 2024 advisory sequence appears to have cooled faster than the underlying exposure has.
Here is what follows from holding intent and exposure together, rather than treating them as separate line items in two different sections of a vulnerability report.
For any organization operating battery storage, grid-tied solar inverters, or other SunSpec-compliant distributed energy hardware: that hardware is not a peripheral, IT-adjacent convenience sitting outside your OT security perimeter. It is the device category that, per Dragos's own report, multiple independently tracked threat groups have demonstrated sustained intent to access for purposes the U.S. government has separately and directly assessed, at high confidence, as preparation for disruption in the event of conflict. Treat it accordingly: remove direct internet exposure for BMS and inverter management interfaces without exception; if a vendor-managed cloud or VPN path exists, audit it specifically for the cross-tenant access failure Dragos found in Nuvation's own cloud service; and build a SunSpec/Modbus traffic baseline now, while "before an incident forces it" is still an accurate description of where the industry stands.
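One way to start the SunSpec/Modbus traffic baseline recommended above, as an added example that is not part of the original article or of any Dragos tooling: learn the (source, destination, unit id, function code) tuples seen during normal polling, then flag any frame that departs from that baseline, and flag every Modbus write function regardless, because against an unauthenticated SunSpec interface a write is a control action rather than telemetry. The hosts, frames and the written register address are constructed for illustration.

```python
"""Learn a read-only Modbus/TCP baseline for SunSpec devices, then flag anything
that departs from it. Constructed example; the frames and addresses below are
synthetic and the written register is illustrative, not a claim about any
specific product's register map."""
import struct

# Function codes that change device state. Against a SunSpec/Modbus interface
# with no authentication, any of these is a control action (an inverter
# disconnect included), so a baseline built from normal telemetry should never
# contain one.
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}


def parse_mbap(frame: bytes) -> dict:
    """Parse one Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:  # length field counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    func = frame[7]
    # For the common read and write functions the PDU opens with a 16-bit
    # starting register address.
    start = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else None
    return {"tid": tid, "unit": unit, "func": func, "start": start}


class SunSpecBaseline:
    """Allowlist of (src, dst, unit id, function code) seen while learning."""

    def __init__(self):
        self.allowed = set()

    def learn(self, src: str, dst: str, frame: bytes) -> None:
        m = parse_mbap(frame)
        if m["func"] in WRITE_FUNCTIONS:
            # Never bake a write into the baseline; investigate it instead.
            raise ValueError("write function %d seen during learning" % m["func"])
        self.allowed.add((src, dst, m["unit"], m["func"]))

    def evaluate(self, src: str, dst: str, frame: bytes) -> list:
        m = parse_mbap(frame)
        alerts = []
        if m["func"] in WRITE_FUNCTIONS:
            alerts.append("write fc=%d reg=%s %s->%s unit %d"
                          % (m["func"], m["start"], src, dst, m["unit"]))
        if (src, dst, m["unit"], m["func"]) not in self.allowed:
            alerts.append("unbaselined fc=%d %s->%s unit %d"
                          % (m["func"], src, dst, m["unit"]))
        return alerts


# Constructed traffic. READ polls two holding registers at 40000, the usual
# SunSpec base address in 0-based protocol addressing; WRITE is a single
# register write to an illustrative address in the same map.
SCADA, INVERTER, STRANGER = "10.0.0.5", "10.0.1.20", "198.51.100.7"
READ = bytes.fromhex("0001 0000 0006 01 03 9c40 0002".replace(" ", ""))
WRITE = bytes.fromhex("0002 0000 0006 01 06 9c50 0001".replace(" ", ""))


def run_demo() -> dict:
    """Learn from the normal SCADA poll, then score four observations."""
    base = SunSpecBaseline()
    base.learn(SCADA, INVERTER, READ)
    return {
        "known_read": base.evaluate(SCADA, INVERTER, READ),
        "stranger_read": base.evaluate(STRANGER, INVERTER, READ),
        "known_write": base.evaluate(SCADA, INVERTER, WRITE),
        "stranger_write": base.evaluate(STRANGER, INVERTER, WRITE),
    }


if __name__ == "__main__":
    for name, alerts in run_demo().items():
        print(name, alerts or "ok")
```

In production the learning phase would be fed from a passive capture at the OT boundary rather than from constructed frames, and the write alert should page regardless of whether the source is a known SCADA host.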
For the broader OT-defense community, the harder point is about how report findings get triaged for urgency. A documented intrusion with a named victim sector reads, correctly, as more urgent than an exposure nobody has yet been caught exploiting. But "documented intent, demonstrated repeatedly, by multiple independent actors, explicitly to prepare for disruption" plus "the precondition for that disruption already exists, unauthenticated, at scale, in the fastest-growing segment of the grid" is not a lesser finding merely because it lacks a named victim. It is, if anything, the finding that should generate the most urgency precisely because nothing has happened yet — which means there is still time to close the door before a future Dragos report has to describe who walked through it.
We are confident enough in the shape of this argument to state it plainly. We are not confident enough in any single piece of it to claim more than we have. No named group has touched a SunSpec inverter. The Poland attribution is preliminary. The ATA's Taiwan language has softened. All three of those caveats are true at once, and none of them changes the fact that the precondition is already sitting on the internet, unauthenticated, waiting on intent that multiple independent actors have already, repeatedly, on the record, demonstrated.
— Jonathan Brown, Border Cyber Group | bordercybergroup.com