US, Japan warn of China-backed hackers lurking in networking gear
The joint advisory cautioned that a China-backed threat group called BlackTech is exploiting weaknesses in routers to hack government and industrial targets.
U.S. cybersecurity authorities joined Japanese law enforcement agencies to warn about China-backed threat group BlackTech’s exploitation of security loopholes in everyday networking equipment.
The Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI, along with Japan's National Police Agency and its National Center of Incident Readiness and Strategy for Cybersecurity, have observed BlackTech operators modifying router firmware to obtain access to entire networks.
The hacks targeted government agencies, defense companies, telecommunications firms and more.
"BlackTech activity targets a wide range of public organizations and private industries across the U.S. and East Asia," Eric Goldstein, CISA's executive assistant director for cybersecurity, said in a statement.
U.S. authorities have previously warned of China-backed threat actors leveraging known flaws in routers and other networking gear to obtain access to target networks and then maintain access through stolen credentials and hijacked tools — a technique known as "living off the land."
According to the current joint advisory, BlackTech often hacks subsidiary networks to leverage access to more sensitive targets. Many of the techniques used by BlackTech can be mitigated with existing updates to common networking firmware.
In January 2023, the U.S. and Japan signed an agreement updating their operational collaboration on cybersecurity issues and to enhance cybersecurity of industrial control systems.