An old Chinese state-linked actor has been manipulating Cisco routers to breach multinational organizations in the US and Japan. BlackTech has been replacing device firmware with a malicious version to pivot from smaller, international subsidaries to headquarters of affected organizations. The organizations include media, technology, electronics and government sectors.
A joint cybersecurity advisory from the NSA, FBI, and CISA say the organizations impacted also include supporting entities for the US and Japanese militaries. Cisco routers have been subject to IP theft and compromise since the company helped China build its national internet censorship apparatus. BlackTech uses 12 different custom malware families for establishing footholds in different operating systems. BlackTech’s goal is to escalate within the target network until it gains administrator privileges over vulnerable network routers. There are certain steps companies can take to mitigate against BlackTech’s TTPs, but this may be an example of a deeper issue in edge security.
Read More: China APT Cracks Cisco Firmware in Attacks Against the US and Japan
