The U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA) have collaboratively released a Cybersecurity Advisory (CSA) alongside Japanese partners, addressing the actions of cyber actors associated with the People’s Republic of China (PRC), specifically identified as BlackTech.
Furthermore, this advisory, titled “PRC-Linked Cyber Actors Hide in Router Firmware,” sheds light on BlackTech’s tactics, techniques, and procedures (TTPs), emphasizing the need for vigilance among multinational corporations. The advisory calls on these organizations to thoroughly assess subsidiary connections, validate access, and contemplate the implementation of zero-trust models as a precautionary measure against potential BlackTech compromises.
One of the most concerning aspects highlighted in the advisory is BlackTech’s proficiency in surreptitiously altering router firmware while remaining undetected. Additionally, the threat group exploits domain-trust relationships, primarily targeting the headquarters of organizations in Japan and the United States. To counter this cyber threat, CISA strongly recommends that organizations review the advisory and proactively adopt the provided detection and mitigation techniques to fortify the security of their devices and networks.
Furthermore, the advisory directs interested parties to additional resources for comprehensive guidance on safeguarding against state-sponsored cyber actors exploiting network providers and devices, as well as offering insights through CISA’s China Cyber Threat Overview and Advisories page.
