In May 2025, Reuters disclosed that Chinese-made solar inverters were being delivered with undocumented cellular radios—SIM-card slots and RF circuitry secretly soldered onto their PCBs and omitted from every datasheet and SBOM. Technicians at several U.S. solar farms traced unexpected LTE handshakes back to these devices, and teardown inspections confirmed factory-installed backdoors capable of bypassing firewalls and OT monitoring. Further briefings revealed that, as early as November 2024, attackers had already leveraged these covert channels to remotely disable inverters in the U.S. and abroad, demonstrating a pre-positioned “kill-switch.”
This attack aligns with Supply-Chain Compromise (T0862) in MITRE ATT&CK® for ICS, where hardware implants inserted during manufacturing lie dormant until activation. Once live, the hidden radios perform Adversary-in-the-Middle (T0830) techniques—intercepting and altering control communications so firmware tampering or shutdown commands appear as routine maintenance. Three critical gaps enabled this breach:
CISA’s SBOM and HBOM frameworks emphasize transparent component inventories and randomized hardware audits to catch such hidden modules before they reach production.
Radiflow builds and maintains a live digital model of your OT network, uncovering every asset, interface, and firmware version to highlight hidden modules and segmentation gaps. This model guides zero-trust hardening and zone-based protections. Passive iSID sensors then monitor all control traffic, learning normal patterns and generating immediate alerts on any protocol anomaly, each correlated against site-specific risk levels. During an incident, every detection and containment action is recorded to ensure a rapid, informed recovery and clear compliance reporting. Meanwhile, CIARA Risk Management continuously validates your environment against IEC 62443, NERC CIP, NIST 800-82, and NIS 2 standards, quantifies compliance gaps, and prioritizes the highest-impact mitigations and investments.
“Hidden hardware backdoors undermine every assumption about device trustworthiness,” says Ilan Barda, CEO of Radiflow. “By demanding full supplier transparency, enforcing zero trust, and maintaining continuous, behavior-based monitoring, we can stay steps ahead of adversaries who plan years in advance.”
Project Management in OT/ICS Projects with IEC 62443 and MITRE ATT&CK using Radiflow
Rogue Communication Modules in Solar Inverters: Radiflow Threat Analysis
Securing Legacy Utility Substations with Garland Technology and Radiflow