China-Linked Hackers Exploit Cisco Router Firmware for Covert Operations

Chinese state-sponsored hacking group BlackTech has been discovered using firmware implants in Cisco routers to maintain persistence and move stealthily within the networks of multinational companies in the US and Japan. The group modifies router firmware to hide its activity and uses compromised branch routers to blend in with corporate network traffic and pivot to other victims. BlackTech, active since 2010, targets various sectors including government, technology, and media. The group has been caught replacing firmware and using a built-in SSH backdoor to maintain access without logging connections. The advisory recommends monitoring network devices, upgrading to devices with secure boot capabilities, and reviewing logs for unauthorized changes. Cisco denies that any vulnerabilities are being exploited and states that the compromised software affects only legacy devices.
- Chinese Gov Hackers Caught Hiding in Cisco Router Firmware (SecurityWeek)
- Backdoored firmware lets China state hackers control routers with “magic packets” (Ars Technica)
- US and Japan warn of Chinese hackers backdooring Cisco routers (BleepingComputer)
- US, Japan Warn of China-Linked Hackers Hiding in Router Software (Bloomberg)
- Cisco Router Firmware Hacks Attributed To China-Linked Group (CRN)