Published at: 2 Oct, 2023, 19:37 [IST]
US security agencies, the FBI and NSA, have issued a warning about malicious cyber actors linked to China. In a joint cybersecurity advisory (CSA), the agencies describe the activity of a China-linked group known as BlackTech. According to the agencies, BlackTech is able to covertly modify router firmware and abuse routers' domain-trust relationships, allowing it to pivot from international subsidiaries to its primary targets in Japan and the United States.
Whom Does BlackTech Pursue?
BlackTech, also known as Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has targeted the government, industrial, technology, media, electronics, and telecommunications sectors, including organizations that support the militaries of the United States and Japan, according to the agencies. BlackTech actors use custom malware, dual-use tools, and "living off the land" techniques, such as disabling router logging, to hide their activity.
The agencies say BlackTech has been active since 2010. Over that period, its actors have consistently targeted a wide range of public organizations and private industries across the United States and East Asia.
BlackTech actors use custom malware payloads and remote access tools (RATs) to compromise victims' operating systems. They have developed a range of custom malware families targeting Windows, Linux, and FreeBSD.
BlackTech has also targeted various brands and versions of router devices. Using a variety of techniques against routers, the actors conceal configuration changes, hide their commands, and disable logging while carrying out their operations. The agencies stress that multinational corporations should review all connections to subsidiaries, verify access, and consider adopting Zero Trust models to limit the impact of a BlackTech compromise.