Chinese Gov Hackers Caught Hiding in Cisco Router Firmware

siteadmin September 28, 2023

The Chinese APT group BlackTech has been exposed infiltrating U.S. and Japanese corporate networks through network edge devices and firmware tampering, according to an advisory by the NSA, FBI, CISA, and Japan’s NISC. BlackTech stealthily altered router firmware, targeting subsidiaries and headquarters. The group, active since 2010, focuses on the government, industrial, and tech sectors. It has compromised Cisco routers using customized firmware backdoors, established SSH backdoors, and evaded firmware signature checks. Recommendations include monitoring connections, analyzing logs, using devices that support secure boot, and applying firmware updates.

Source: securityweek.com