Chinese hackers attack cybersecurity organizations in the United States and Japan


Several organizations and cybersecurity agencies in the United States and Japan have been targets of attacks by a group of hackers called BlackTech, allegedly linked to the Chinese government. According to The Record, since 2010, the group has been indicted by the FBI, NSA and other cybersecurity agencies in the two targeted countries for exploiting vulnerabilities in routers during their attacks.

As mentioned, the group has been modifying the firmware of routers to carry out its activity, targeting companies located in the United States and Japan. In its modus operandi, BlackTech begins by gaining access to the subsidiaries' internal networks, then moves on to other branches of the business structure until it reaches the center of the targeted organizations.

The hackers thus take advantage of the trust relationship between the subsidiaries' networks, gaining administrator access to the networks' edge equipment and modifying its firmware to maintain their persistence on the network.

CISA warns of the sophistication and aggressiveness of the Chinese group's global operations and its ability to gain persistent access, which in the case of BlackTech has resulted in the theft of intellectual property and sensitive data. The group's victim organizations are from the public and private sectors, in the United States and East Asia. Companies in the industrial, technology, media, electronics and telecommunications sectors are affected.


The group uses customized malware to try to cover its tracks by turning off the authentication capacity on routers, making investigative actions difficult. The hackers also update their tools to steal authentication certificates so that malicious software appears legitimate. The group attacks small equipment used in more remote offices that are linked to the companies' headquarters.

Several brands of routers were exploited, but several Cisco versions were targeted by custom malware. Their firmware was replaced, granting network privileges. In certain cases, the hackers were able to use a Cisco tool for automating tasks to automatically remove traces of their malicious work, the publication says.

At the end of September, Chinese hackers took advantage of a Microsoft flaw to access more than 60 emails from the United States Government. The attack took advantage of entry into the equipment of an engineer at the technology giant, opening the way to access several federal employee accounts.
