FBI, NSA warn about Chinese BlackTech ‘hackers’ targeting military, government sectors

The United States’ security agencies, including the FBI and NSA, have issued a warning about bad actors linked to China. According to a press release issued by the agencies, a joint cybersecurity advisory (CSA) has been issued to detail the activity of China-linked cyber actors known as BlackTech. “BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships for pivoting from international subsidiaries to headquarters in Japan and the U.S. — the primary targets,” said the agencies.
Who are the targets of BlackTech?
BlackTech actors (who, according to the agencies, also go by different names including Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda) have targeted government, industrial, technology, media, electronics, and telecommunication sectors, including entities that support the militaries of the US and Japan. BlackTech actors’ modus operandi is to use custom malware, dual-use tools, and living-off-the-land tactics, such as disabling logging on routers, to conceal their operations.
According to the agencies, BlackTech has been active since 2010. BlackTech actors have historically targeted a wide range of US and East Asian public organisations and private industries.
BlackTech cyber actors use custom malware payloads and remote access tools (RATs) to target victims’ operating systems. The actors have used a range of custom malware families targeting Windows, Linux, and FreeBSD operating systems.
BlackTech has also targeted and exploited various brands and versions of router devices. The various tactics against routers enable the actors to conceal configuration changes, hide commands, and disable logging while BlackTech actors conduct operations. The agencies have highlighted the need for multinational corporations to review “all subsidiary connections, verify access, and consider implementing Zero Trust models to limit the extent of a potential BlackTech compromise.”
