US, Japan Warn of China-Linked Hackers Hiding in Router Software

(Bloomberg) — US and Japanese officials are warning that state-sponsored hackers linked to the Chinese government have been discovered modifying software inside routers to target companies based in their countries.

The group, known as BlackTech, has targeted government, industrial, technology, telecommunications and defense sectors, according to the advisory from US and Japanese law enforcement and cybersecurity officials.

Once inside the internal networks of international subsidiaries, the group has disabled logging in order to pivot undetected to target the companies’ headquarters in the US and Japan, the advisory said.

Targeting Windows, Linux and FreeBSD operating systems, the group has been using various remote access tools, malware and “living off the land” techniques to remain undetected, the advisory said. Living off the land means using legitimate tools located in the victim’s environment that allow the hacker to blend in with normal operations.

“BlackTech activity targets a wide range of public organizations and private industries across the US and East Asia,” said Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency.

The hackers have compromised several routers from Cisco Systems Inc., according to the advisory. Other brands were also targeted but the advisory doesn’t name them. A Cisco spokesperson said there is no indication that any vulnerabilities in the company’s products were exploited as part of the breaches cited in the advisory, adding that the alert underscores the urgent need for companies to update, patch and securely configure their network devices. 

The US had previously warned Japan that Chinese state hackers had infiltrated its defense networks before Tokyo took sufficient action to try to secure them, according to current and former US officials.

Senior US national security officials grew increasingly concerned that sensitive information they shared with some allies could be at risk because of the breach, which was discovered several years ago. That prompted multiple US delegations since 2020 to fly to Tokyo to warn Japan, according to the officials, who asked not to be identified discussing the sensitive matter.

©2023 Bloomberg L.P.