U.S. Officials Identify ‘Rogue’ Communication Devices in China-Built Solar Power Units

Legal Insurrection readers will recall that a sudden and unprecedented power outage struck the entire Iberian Peninsula in late April, plunging nearly all of Spain and Portugal into darkness for several hours.

The blackout, one of the largest in recent European history, also briefly affected parts of southern France and Andorra. Essential services, public transportation, telecommunications, and financial systems were severely disrupted. At least eight deaths have been linked to outage-related incidents.

While the cause was not related to a cyber-attack, such a security breach was an early consideration. There are reasons to be worried about solar power systems being hacked.

Recent investigations by U.S. energy officials have uncovered undocumented communication devices, referred to as “rogue” devices, embedded within some Chinese-made solar power inverters and related equipment.

U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.

Power inverters, which are predominantly produced in China, are used throughout the world to connect solar panels and wind turbines to electricity grids. They are also found in batteries, heat pumps and electric vehicle chargers.

While inverters are built to allow remote access for updates and maintenance, the utility companies that use them typically install firewalls to prevent direct communication back to China.

However, rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by U.S. experts who strip down equipment hooked up to grids to check for security issues, the two people said.

The European energy market is even more dependent on solar power and Chinese products, and officials there are alarmed by the U.S. team’s discovery.

The European Solar Manufacturing Council (ESMC), the body which represents the interests of some Europe-based PV companies, said that: “With over 200GW of Europe’s solar capacity relying on these inverters—equivalent to more than 200 nuclear power plants—the security risk is systemic.”

In a LinkedIn post, it called on the European Commission (EC) to examine the “risk potential for sabotage and espionage” of manufacturers of components that can “significantly influence the behaviour” of the European grid. It also called for “rigorous audit and validation tools” and a fully transparent software bill of materials (BOM).

The ESMC and fellow trade body SolarPower Europe have been ramping up calls for greater cybersecurity protection for European inverters. Earlier this month, the ESMC called for a restriction for remote access to inverters from “high risk” Chinese manufacturers.

Legal Insurrection readers may recall my previous reports on Salt Typhoon, the codename for a sophisticated Chinese state-sponsored cyber espionage group, believed to be operated by China’s Ministry of State Security (MSS). The group had previously hacked into American internet provider systems, the US Treasury, and Trump-Vance campaign telephone systems.

According to a late April 2025 interview with Brett Leatherman, FBI deputy assistant director of cyber operations, Salt Typhoon remains active. The group is still considered a threat, and while affected telecommunications companies have reported that the actors have been “contained,” there is no confirmation of full eradication from all networks.

There are other “Typhoon Groups,” including Volt Typhoon, an advanced persistent threat group specializing in cyberespionage and cyberwarfare. Its primary focus is on targeting critical infrastructure in the United States and its territories.

Leatherman has this update:

Volt Typhoon is still active. Salt Typhoon is still active. As far as being in the networks, for Salt Typhoon, that’s a hard question for me to answer because the telcos themselves continue to look in those networks. The telcos have indicated to us, and publicly, that they’ve contained the actors. Until they’ve indicated they’ve eradicated them, there’s a presumption they could still be in the networks.

For advanced persistent threats like the Typhoons, their goal is to establish persistence. They’re very good. They’re state actors who have tremendous money and resources behind them. Once they get into an environment, they don’t want to rely on the vulnerability that got them in there all the time; they want to set up alternate ways to get in. That’s what the companies and the threat mitigation firms are doing, trying to identify were there areas of persistence that they were able to obtain for later use and stay in the environment.

Our confidence right now is that we have eliminated their ability to have a substantial impact against United States critical infrastructure. But we do know that they continue to seek positions, not necessarily in critical infrastructure, but on end-of-life legacy devices. Our goal is to prevent them from getting to the point where they amass that kind of access.

It is clear that China will use any means necessary to spy on, steal from, or strangle our nation. Decoupling from their electronic and energy equipment is critical to our security.
