Cybersecurity Risks and Threats to Aging Critical Infrastructure and Renewable Energy Systems
Critical infrastructure worldwide, including power grids, water systems, and transportation networks, is increasingly vulnerable due to aging hardware and outdated cybersecurity measures. Many of these systems, built between the 1950s and 1970s, were never designed for the hyperconnected digital environment of today, leaving them exposed to both physical decay and cyber threats. In the United States, nearly 70% of the power grid is over 25 years old, and similar conditions exist in Europe, with a significant portion of bridges and other infrastructure in need of repair. As operators modernize these systems with digital controls and cloud-based monitoring, new attack surfaces emerge, such as legacy interfaces, unpatched software, and unsupported protocols, which can be exploited by threat actors. The interconnectedness of these systems means that a single vulnerability, such as an infected maintenance laptop or a misconfigured firewall, can have cascading effects across multiple sectors. The adoption of digital twins and shared data platforms is helping operators predict failures and coordinate responses, but the risk remains high.
The rapid growth of renewable energy, particularly solar power, has introduced additional cybersecurity challenges. Solar inverters, aggregators, and control software have become attractive targets for cybercriminals, as demonstrated by real-world incidents where hackers exploited default credentials and known software flaws to hijack remote monitoring devices. The FBI has issued alerts about threats to renewable energy systems, and experts warn that tampering with connected infrastructures, including EV charging networks, could lead to widespread blackouts. The transition to renewables is outpacing the implementation of robust cybersecurity measures, making the sector a potential weak link in national energy resilience.
High-profile attacks, such as the hijacking of 800 monitoring devices in Japan using a Mirai botnet-linked vulnerability, highlight the global nature of the threat. Hacktivist groups have also targeted solar monitoring systems, further exposing the sector's vulnerabilities. The integration of renewables into the grid, often outside the direct control of traditional operators, complicates efforts to secure the entire energy ecosystem. As the share of renewables in power generation is projected to rise significantly by 2030, the urgency to address these cybersecurity gaps is growing. Experts emphasize the need for proactive monitoring, regular updates, and coordinated information sharing between engineers and security teams to mitigate risks. The resilience of critical infrastructure now depends not only on physical maintenance but also on the ability to anticipate and defend against sophisticated cyber threats targeting both legacy and emerging technologies.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Reports raise concern over undocumented modules in Chinese-made inverters
Reports emerged that some Chinese-made inverters contain undocumented communication modules that could bypass perimeter defenses. The issue heightened supply-chain and hardware integrity concerns for solar deployments.
Researchers report dozens of inverter vulnerabilities
Researchers disclosed that solar inverters contain dozens of vulnerabilities that could enable compromise at fleet scale. The findings emphasized the inverter as a particularly exposed component because of growing Wi‑Fi, cellular, and cloud connectivity.
Just Evil targets Ignitis Group solar monitoring system
The hacktivist group Just Evil reportedly attacked a solar monitoring system used by Lithuania's Ignitis Group. The incident underscored that solar monitoring platforms are becoming direct targets for disruptive or politically motivated activity.
Mirai-linked flaw used to hijack monitoring devices in Japan
Remote monitoring devices in Japan were reportedly hijacked via a known vulnerability associated with Mirai, showing how internet-exposed renewable energy components can be co-opted through commodity exploitation. The case highlighted risks to monitoring and control systems connected to solar operations.
Default credentials expose solar plant in India
A solar power plant in India was reportedly accessible using default credentials, illustrating weak authentication practices in renewable energy environments. The incident is cited as an example of real-world exposure in operational solar infrastructure.
FBI issues industry alert on threats to renewable energy systems
The FBI published an industry alert warning about cyber threats targeting renewable energy systems, reflecting growing institutional concern over the sector's exposure. The alert was specifically noted as having been issued in July 2024.


