The U.S. and Japanese governments have published a joint cybersecurity advisory warning against a China-linked hacking group that exploits internet routers to target companies in the technology, media, electronics and telecommunication sectors.
BlackTech has demonstrated its capabilities to modify router firmware without detection in order to conceal its operations and attack companies located in the U.S. and Japan, the National Security Agency said Wednesday.
The hacking group uses custom malware and dual-use tools to exploit routers’ domain-trust relationships to target multinational corporations.
“BlackTech actors exploit trusted network relationships between an established victim and other entities to expand their access in target networks,” according to the advisory.
Rob Joyce, director of cybersecurity at NSA and a two-time Wash100 awardee, said that raising awareness of BlackTech’s malicious activities will help harden the defenses of the U.S. and its allies’ critical infrastructure.
The NSA released the CSA in partnership with the FBI, the Cybersecurity and Infrastructure Security Agency, the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity.