NSA, Japanese Counterparts Release BlackTech Joint Advisory

The National Security Agency and other U.S. and Japanese security agencies have issued a joint cybersecurity advisory on the activities of Chinese cyber actors that exploit gaps in router firmware to cause damages.

According to the “People’s Republic of China-Linked Cyber Actors Hide in Router Firmware” advisory, BlackTech cyber actors modify router firmware without being detected, using various tactics, techniques and procedures to compromise several Cisco routers. The group also conceals the configuration changes made, disables logging and frequently transfers between networks.

The authors issued several recommendations, including implementing robust threat detection and mitigation techniques, disabling outbound connections, monitoring inbound and outbound connections, limiting access to administrative services and changing passwords.

The report was written in collaboration with the FBI, the Cybersecurity and Infrastructure Security Agency, the Japan National Police Agency and the Japan National Center of Incident Readiness and Strategy for Cybersecurity, the NSA said.

The joint advisory is one of several the NSA published to help agencies stop cyberthreats.

In mid-September, the agency and its federal partners issued a joint cybersecurity information sheet to help defense and national security organizations understand threats presented by deepfake technology. In February, the NSA and its U.S. and South Korean partners issued one focused on North Korean ransomware threats.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now