
China-Linked Hackers Exploit Cisco Router Firmware for Covert Operations
Chinese state-sponsored hacking group BlackTech has been discovered using firmware implants in Cisco routers to maintain persistence and move stealthily within the networks of multinational companies in the US and Japan. The group modifies router firmware to hide its activity and uses compromised branch routers to blend in with corporate network traffic and pivot to other victims. BlackTech, active since 2010, targets various sectors including government, technology, and media. The group has been caught replacing firmware and using a built-in SSH backdoor to maintain access without logging connections. The advisory recommends monitoring network devices, upgrading to devices with secure boot capabilities, and reviewing logs for unauthorized changes. Cisco denies that any vulnerabilities are being exploited and states that the compromised software affects only legacy devices.