National security operatives have found communication devices embedded within Chinese-manufactured solar power inverters and batteries, again raising significant concerns about the security of critical energy infrastructure. These devices, capable of bypassing established cybersecurity measures, appear to be capable of remote manipulation. Successful exploitation could lead to widespread power grid disruption. The following is my take on the technical aspects of the devices, design and data transmission methodologies, the potential locations of data collection receivers, and if their deployment aligns with known Chinese Foreign Intelligence Service (FIS) models and methodology. The following is based on my review of NON-CLASSIFIED INFORMATION.
The integration of renewable energy sources into U.S. power grids has been a cornerstone of our efforts to combat climate change. Central to this integration are power inverters, devices that convert direct current (DC) from solar panels and wind turbines into alternating current (AC) suitable for distribution across the power grid. We now have a really disconcerting development: the discovery of rogue communication devices within Chinese-manufactured inverters and batteries.
Device Composition and Integration
Investigations have revealed that certain Chinese-made solar inverters and batteries contain undocumented communication modules, including cellular-like mechanisms. These components are not listed in product specifications and are capable of establishing independent communication channels, effectively bypassing existing cybersecurity firewalls . The presence of such modules allows for potential remote access and control. (More about this in the counterintelligence section below.) These devices are covertly integrated into the hardware of the inverters and batteries making detection challenging during normal inspections. Their design suggests a deliberate effort to conceal them. The functionalities that can be activated remotely are also a BIG red flag. The integration of these components indicates a high level of sophistication and planning, aligning with tactics observed in state-sponsored cyber-espionage and sabotage operations.
Communication Channels
The devices appear to utilize various communication methods to transmit data, including cellular networks, perhaps local bluetooth-like transmission and potential satellite communications. The use of satellite communication modules such as the Iridium 9603 allows for global coverage and low-latency transmission. This feature would enable remote control capabilities even in areas with limited terrestrial network access .
Data Exfiltration and Command Reception
These communication modules can facilitate both the exfiltration of data from the energy platforms and the reception of remote commands. This bidirectional communication capability poses enormous risks because of the potential extraction of sensitive information and the execution of commands that could disrupt or damage energy infrastructure.
Potential Locations of Data Collection Receivers
The specific locations of collection receivers are classified, however, the nature of the communication methods suggests that data could be transmitted to centralized servers managed by entities affiliated with or under the influence of Chinese FIS. The use of satellite communications makes the identification of data endpoints complicated, as signals can be received from literally any point on the globe. The Chinese station in Cuba would be convenient, however, given China’s extensive global infrastructure and technological reach, it is plausible that transmissions could be routed through multiple international nodes before reaching a final collection point.
Alignment with Chinese Foreign Intelligence Service Models
China’s National Intelligence Law mandates that all organizations and citizens support, assist, and cooperate with state intelligence operations. This legal framework provides Chinese FIE with broad authority to compel companies to integrate surveillance and data collection mechanisms into their products. The deployment of rogue communication devices in energy infrastructure aligns with this model, facilitating intelligence gathering and potential sabotage capabilities. Chinese FIS operations employ a combination of cyber and HUMINT tactics to penetrate foreign systems. The integration of clandestine communication devices into critical infrastructure represents yet another example of these tactics, blending hardware manipulation with cyber capabilities. These tactics are consistent with the strategy of the Ministry of State Security and the People’s Liberation Army’s intelligence units that seek to enhance China’s advantages through technological means.
Implications for Global Energy Security
The discovery of these devices in solar components has grave implications for U.S. energy grid security. The potential for remote manipulation of power systems threatens not only the stability of national grids but also the safety and well-being of populations reliant on consistent energy delivery. The erosion of trust in international supply chains is also a grave peril, leading to increased protectionism and damage to global trade relationships. The integration of undocumented communication devices into Chinese-manufactured solar inverters and batteries represents a grave security concern. The technical sophistication of these components, coupled with their potential alignment with Chinese FIS objectives, underscores the need for new scrutiny and enhanced TSCM practices with regards to foreign-manufactured critical infrastructure components.
The Counterintelligence View
This is a bit technical so bear with me. There is a method to the madness. Problem 1: Inverters are generally equipped with ARM Cortex-M or Cortex-A series microcontrollers that serve as the core processing units for power conversion and monitoring. The covert components appear to use separate, low-power System-on-Chip (SoC) devices (think “MediaTek MT6261D or Espressif ESP32-S3 series”) which deploy onboard baseband processors capable of handling GSM/3G/4G/LTE communications. These SoCs are preloaded with proprietary firmware and operate outside the visibility of the host inverter firmware. These covert devices appear to use integrated RF transceivers on GSM bands, contain embedded GPS modules for geolocation, and have I2C or UART interface capability for stealth data siphoning from inverter controller. Unless there is a simple process for detecting the very small loss of power or disabling the cellular capability, the entire product must be scrapped. Jamming transmissions is not a feasible countermeasure considering the enormous geographic dispersion of a popular solar system component.
A transmission requires a collection part, a transmitter, something that functions as an antenna, and a power source. Problem 2: There is a redundant power supply path. Some units tap the inverter’s DC bus (48V nominal) deploying step-down DC-DC converters to deliver the 3.3V/5V required by the communication hardware. So, the shit-rogue device can acquire and/or broadcast even if the main inverter is powered down (assuming there is residual DC input from the solar panels or battery storage). Sophisticated design is evidenced by minimal-energy storage to allow burst transmissions, EMI shielding to reduce signatures and transient suppression to avoid triggering protective circuits. Again, there may not be any feasible technical countermeasure other than tossing the entire thing in the garbage.
Problem 3: Perhaps the most concerning feature is the presence of covert communication interfaces. The presence of miniature embedded GSM modules that can transmit over mobile networks is a clear indicator of the device’s true purpose. These can be paired with internal PCB-trace antennas which makes detection extremely difficult without picking the entire product apart and/or conducting a full-spectrum TSCM RF analysis. Some units, notably ones used in off-grid or critical infrastructure installations, contain Iridium 9603 transceivers. The Iridium Short Burst Data (SBD) service enables low-latency two-way messaging literally anywhere on Earth. BLE 4.0/5.0 (“Bluetooth”) modules are sometimes embedded to allow nearby short-range device pairing, enabling covert firmware updates or configuration changes via proximity-based access. From a counterintelligence perspective this one is the easiest to detect as it requires the presence of field operatives.
Problem 4: Collection and hijack are extremely problematic. The rogue devices are capable of silently intercepting inverter data via UART snooping of RTU traffic between the inverter controller and grid management mechanisms. RS-485 differential signal bridging architecture in these devices allows simultaneous passive read and active command injection. So, not only can they passively collect performance, grid sync, and telemetry but also insert remote commands (think “demand spikes, phase shifts, or false trip signals”) which could destabilize grid operations. Countermeasure? The garbage bin.
In truth, we are fortunate to have discovered this attempt to compromise these components. Once operational, detection would have been extremely difficult. The unclassified exhibits demonstrate very sophisticated anti-forensic features. They present obfuscated PCB silkscreening or black conformal coating as a physical deception, RF shielding within inverter chassis grounding, no identifiable MAC addresses and time-triggered sleep cycles which makes TSCM useless unless the sweep is conducted at the exact moment of a transmission. Encrypted communication via proprietary, obfuscated firmware (AES-128 in CTR) further points a finger at a sophistication attributable to state-level FIS. China’s intelligence doctrine views everything; commerce, academia, and even kids’ toys as vectors and to their advantage. Chinese “unrestricted warfare” doctrine, i.e., any mass-produced consumer or industrial good may serve as a channel for acquisition or disruption, explains the rogue components in solar inverters, another part of a larger, systematic effort to weaponize supply chains and exploit technological dependencies.
References
Reuters. (2025, May 14). Rogue communication devices found in Chinese solar power inverters. Retrieved from: https://www.reuters.com/sustainability/climate-energy/ghost-machine-rogue-communication-devices-found-chinese-inverters-2025-05-14/
TechRadar. (2025, May 14). Chinese energy tech exports found to contain hidden comms and radio devices. Retrieved from: https://www.techradar.com/pro/security/chinese-energy-tech-exports-found-to-contain-hidden-comms-and-radio-devices
DIY Solar Forum. (2025, May 14). Rogue Chinese communication devices found in Solar inverters. Retrieved from: https://diysolarforum.com/threads/rogue-chinese-communication-devices-found-in-solar-inverters.104871/page-4
Wikipedia. (2025, April). National Intelligence Law of the People’s Republic of China. Retrieved from: https://en.wikipedia.org/wiki/National_Intelligence_Law_of_the_People%27s_Republic_of_China
Jamestown Foundation. (2024, March). Foreign Intelligence Hackers and Their Place in the PRC Intelligence Community. Retrieved from: https://jamestown.org/program/foreign-intelligence-hackers-and-their-place-in-the-prc-intelligence-community/
