
Chinese Hackers Target Routers in IP Theft Campaign

BlackTech Exploits Trusted Relationship Between Outpost and Parent Firm

A Chinese hacking group linked to state authorities in Beijing has upgraded its espionage capabilities to target companies with headquarters in the United States and East Asia, according to an alert from Japanese and American cyber agencies.


The latest campaign from BlackTech has targeted networks of regional subsidiaries across government, industrial, technology and defense industrial base sectors. BlackTech, active since 2010, is also tracked as Circuit Panda, Palmerworm and Temp.Overboard. The group has stolen intellectual property from Taiwanese technology firms and occasionally has targeted companies in Japan and Hong Kong.

In its latest campaign, the group is looking for network devices, including routers, located at branch offices to compromise as a gateway into the larger corporate network, said Eric Goldstein, executive assistant director for cybersecurity.

BlackTech has a customized firmware backdoor tailored for Cisco routers that allows its hackers to maintain backdoor access without their connections showing up in logs. To install the custom malware, the hackers use their already elevated privileges on the router to install an older, legitimate firmware version. They then modify it in memory to install an unsigned bootloader and their malicious firmware.
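The attack chain above starts with a visible step: a legitimate but older firmware image is loaded onto the router before anything is patched in memory. A defender who keeps an out-of-band inventory of what each branch router reports running can catch that step. The following Python script is an added example written for this article; it is not code from the alert, from BlackTech's tooling or from any vendor. It assumes a hypothetical inventory of routers (hostname, running image file, SHA-256 of that image, and the configured boot image) and a hypothetical approved-image list; all image names, hashes and records are constructed. It flags three conditions: an image that is not on the approved list or whose hash does not match, a version below the site baseline (a downgrade), and a boot image that differs from the running image.

```python
"""Firmware baseline audit for branch-office routers (constructed example)."""
import hashlib
import re
from dataclasses import dataclass

# Constructed allowlist. A real deployment would load vendor-published hashes;
# these image names are hypothetical and the hashes are computed from dummy bytes.
APPROVED_IMAGES = {
    "router-fw-17.6.4.bin": hashlib.sha256(b"constructed image 17.6.4").hexdigest(),
    "router-fw-17.9.3.bin": hashlib.sha256(b"constructed image 17.9.3").hexdigest(),
}

# Lowest version the site allows to run; anything older is treated as a downgrade.
BASELINE_VERSION = (17, 6, 4)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(image_name: str):
    """Return the dotted version embedded in an image file name as a tuple, or None."""
    m = VERSION_RE.search(image_name)
    return tuple(int(x) for x in m.groups()) if m else None


@dataclass
class RouterRecord:
    """One inventory row: what the device reports running and what it will boot next."""
    hostname: str
    running_image: str
    running_sha256: str
    boot_image: str


def check_router(rec: RouterRecord) -> list:
    """Return a list of human-readable findings; an empty list means the record is clean."""
    findings = []

    # 1. Is the running image an approved file, and does its hash match?
    expected = APPROVED_IMAGES.get(rec.running_image)
    if expected is None:
        findings.append("running image is not on the approved list")
    elif expected != rec.running_sha256.lower():
        findings.append("running image hash does not match the approved hash")

    # 2. Has the device been rolled back to something older than the baseline?
    version = parse_version(rec.running_image)
    if version is None:
        findings.append("cannot determine image version from file name")
    elif version < BASELINE_VERSION:
        findings.append("running image is older than the site baseline (possible downgrade)")

    # 3. Will the next reload bring up a different image than the one running now?
    if rec.boot_image != rec.running_image:
        findings.append("boot image differs from running image (check for unexpected reload)")

    return findings


def audit(records) -> dict:
    """Map each hostname to its findings."""
    return {r.hostname: check_router(r) for r in records}


# Constructed sample inventory: one clean device and three that need review.
SAMPLE_RECORDS = [
    RouterRecord("branch-01", "router-fw-17.9.3.bin",
                 APPROVED_IMAGES["router-fw-17.9.3.bin"], "router-fw-17.9.3.bin"),
    RouterRecord("branch-02", "router-fw-17.3.1.bin",
                 hashlib.sha256(b"constructed image 17.3.1").hexdigest(), "router-fw-17.3.1.bin"),
    RouterRecord("branch-03", "router-fw-17.6.4.bin",
                 hashlib.sha256(b"tampered").hexdigest(), "router-fw-17.6.4.bin"),
    RouterRecord("branch-04", "router-fw-17.9.3.bin",
                 APPROVED_IMAGES["router-fw-17.9.3.bin"], "router-fw-17.3.1.bin"),
]

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_RECORDS).items():
        print(f"{host}: {'OK' if not findings else 'REVIEW'}")
        for f in findings:
            print(f"  - {f}")
```

The check only sees what the device reports, so it catches the downgrade and on-disk tampering steps, not the later in-memory modification; because the article notes the backdoor hides its connections from the router's own logs, the inventory should be collected and compared from a management host the router cannot alter, and any downgrade or boot-variable change that no change ticket explains should be treated as an incident.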

The group deploys a range of custom malware payloads and remote access tools against victim operating systems. Among the tools are BendyBear, FakeDead (also known as TSCookie) and Flagpro. BlackTech also uses built-in Windows utilities for its own ends, a technique known as "living off the land."


About the Author

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

