How 'BlackTech' hackers from China are sneaking into military, government systems all over the world


Oct 3, 2023 - 13:30

The FBI and NSA, among other US security organizations, have issued a warning about malicious cyber players linked to China.

According to a press release from the agencies, a joint Cybersecurity Advisory (CSA) has been issued detailing the activity of the China-linked actors known as BlackTech.

The press release stated, “BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S. — the primary targets”.

According to the agencies, BlackTech is also tracked under the names Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda.

These hackers have targeted the government, industrial, technological, media, electronics, and telecommunications sectors, as well as companies supporting the US and Japanese militaries.

To disguise their operations, BlackTech operators use custom malware, dual-use tools, and living-off-the-land techniques such as disabling logging on routers.

BlackTech has been operating since 2010, according to the agencies. BlackTech hackers have historically targeted a diverse spectrum of public and private organizations in the United States and East Asia.

BlackTech cyber criminals target victims’ operating systems with tailored malware payloads and remote access tools (RATs). The group has used a variety of bespoke malware families built for Windows, Linux, and FreeBSD.

BlackTech has also targeted and exploited routers from several manufacturers and across several firmware versions. These router techniques let the actors conceal configuration changes, hide the commands they run, and suppress logging while they operate.
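Because the advisory singles out routers with silenced logging and concealed configuration changes, a defender's first check is to compare each device's running configuration against a known-good baseline and flag any directive that turns logging off or drops a remote log host. The script below is an added example, not code from the article or the advisory. It assumes a text-based running configuration in Cisco-IOS-style syntax (an assumption; the page names no vendor) and a baseline captured when the device was trusted; the two sample configurations are constructed for illustration.

```python
"""Audit a router running-config for disabled logging and unexplained drift.

Added example (not from the article or the advisory). Assumes a text-based
running configuration in Cisco IOS style and a baseline captured when the
device was known-good. Sample configurations are constructed.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Directives that silence logging (Cisco IOS style; an assumption, not from the page).
LOGGING_KILL_SWITCHES = (
    re.compile(r"^\s*no\s+logging\s+on\b"),
    re.compile(r"^\s*no\s+logging\s+buffered\b"),
    re.compile(r"^\s*no\s+logging\s+trap\b"),
)
# Remote syslog destination; losing it is as bad as turning logging off.
REMOTE_LOG_HOST = re.compile(r"^\s*logging\s+host\s+(\S+)")

# Constructed baseline, captured when the device was known-good.
BASELINE = """\
! edge router baseline (constructed sample)
hostname edge-rtr-01
logging on
logging buffered 64000
logging trap informational
logging host 10.0.5.20
interface GigabitEthernet0/0
 ip address 10.0.1.1 255.255.255.0
"""

# Constructed "current" config: logging switched off, remote log host removed.
CURRENT_SUSPECT = """\
hostname edge-rtr-01
no logging on
logging buffered 64000
logging trap informational
interface GigabitEthernet0/0
 ip address 10.0.1.1 255.255.255.0
"""


@dataclass
class AuditResult:
    logging_disabled: list[str] = field(default_factory=list)
    remote_log_hosts: list[str] = field(default_factory=list)
    added_lines: list[str] = field(default_factory=list)
    removed_lines: list[str] = field(default_factory=list)
    baseline_hash: str = ""
    current_hash: str = ""

    @property
    def drifted(self) -> bool:
        """True when the normalized config no longer matches the baseline."""
        return self.baseline_hash != self.current_hash


def normalize(config: str) -> list[str]:
    """Drop comment and blank lines so cosmetic edits do not register as drift."""
    lines = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        lines.append(line)
    return lines


def config_hash(lines: list[str]) -> str:
    """Stable fingerprint of a normalized config, for comparison and record-keeping."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def audit(baseline: str, current: str) -> AuditResult:
    """Compare current config to baseline and flag logging being silenced."""
    base_lines = normalize(baseline)
    cur_lines = normalize(current)
    result = AuditResult(
        baseline_hash=config_hash(base_lines),
        current_hash=config_hash(cur_lines),
    )
    for line in cur_lines:
        if any(pattern.search(line) for pattern in LOGGING_KILL_SWITCHES):
            result.logging_disabled.append(line.strip())
        match = REMOTE_LOG_HOST.search(line)
        if match:
            result.remote_log_hosts.append(match.group(1))
    base_set, cur_set = set(base_lines), set(cur_lines)
    result.added_lines = sorted(cur_set - base_set)
    result.removed_lines = sorted(base_set - cur_set)
    return result


if __name__ == "__main__":
    report = audit(BASELINE, CURRENT_SUSPECT)
    print("drift detected:", report.drifted)
    print("logging disabled by:", report.logging_disabled)
    print("remote log hosts now:", report.remote_log_hosts or "NONE")
    print("lines added:", report.added_lines)
    print("lines removed:", report.removed_lines)
```

In practice the baseline would be pulled from a configuration-management store and the current config fetched over an authenticated session on a schedule; the point of hashing the normalized text is that an actor who hides changes from the device's own history still cannot hide them from an out-of-band comparison. An empty `remote_log_hosts` list on a device that previously had one is the signal to treat the router as suspect rather than merely misconfigured.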

The authorities emphasized the importance of multinational firms reviewing “all subsidiary connections, verifying access, and considering implementing Zero Trust models to limit the extent of a potential BlackTech compromise.”
