The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Japan National Police Agency (NPA) and Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) recently published a Joint Cybersecurity Advisory (CSA) about malicious activity by People’s Republic of China (PRC)-linked cyber actors known as BlackTech, who have demonstrated capabilities to modify router firmware without detection and exploit routers’ domain-trust relationships. The authoring agencies have observed PRC-linked cyber actors leveraging this exploitation of routers to pivot from global subsidiary companies to corporate headquarters networks in the U.S. and Japan.
The advisory details activity by these cyber actors, provides BlackTech tactics, techniques and procedures (TTPs), and urges multinational corporations to review all subsidiary connections, verify access and consider implementing zero trust models to limit the extent of a potential BlackTech compromise.