Several state-linked threat groups known for breaking into operational technology (OT) networks have shifted their focus over the past year from gaining and maintaining access to actively mapping out ways to disrupt physical industrial processes. The shift poses a significant threat because fewer than one in 10 OT networks have monitoring in place to detect such activity, according to industrial cybersecurity firm Dragos. The group that Dragos tracks as Voltzite, which other researchers have linked to China’s Volt Typhoon campaign, was observed manipulating engineering workstations inside US energy and pipeline networks to determine what operational conditions could trigger process shutdowns...