The US Cybersecurity and Infrastructure Security Agency (CISA) and its Japanese counterparts have published a Joint Cybersecurity Advisory on BlackTech, a cybercriminal group linked to the People’s Republic of China (PRC).
BlackTech disrupts router software without being detected and exploits domain trust relationships between an organization’s network administrator and users.
BlackTech attacks are prevalent in defense, government, industry, media, telecommunications, and electronics sectors across the US and East Asia.
The cyber actors gain footholds through remote access tools (RATs) installed on operating systems including Windows, Linux, and FreeBSD.
BlackTech also uses custom malware payloads known as FakeDead, FlagPro, and BendyBear, along with other programs built to evade detection, to blend in with normal operations and appear legitimate on a network.
“Cyber actors look for the easiest way into their targeted network, like a thief checking vehicles for unlocked doors,” US NSA Cybersecurity Director Rob Joyce explained.
“Subsidiaries of multinational corporations are attractive targets for threat actors. The security of these subsidiaries’ IT environments is sometimes overlooked, posing a significant risk for the critical systems of their international partners.”
Calls for Mitigation
Alongside a description of BlackTech’s tactics, techniques, and procedures, the report encourages multinational organizations to review their network resiliency, verify access, and consider implementing zero-trust solutions “to limit the extent” of a potential compromise by PRC cyber actors.
CISA and the NSA worked with the FBI, Japan National Police Agency, and Japan National Center of Incident Readiness and Strategy for Cybersecurity to lay out the joint advisory.
“With our US and international partners, CISA continues to call urgent attention to China’s sophisticated and aggressive global cyber operations to gain persistent access and, in the case of BlackTech actors, steal intellectual property and sensitive data,” CISA Executive Assistant Director for Cybersecurity Eric Goldstein stated.
“Today’s joint advisory with our partners in Japan highlights our extensive and persistent collaboration to provide actionable and timely guidance to businesses, government and critical infrastructure.”
“We encourage all organizations to review the advisory, take action to mitigate risk, report any evidence of anomalous activity, and continue to visit cisa.gov/china for ongoing updates about the heightened risk posed by PRC cyber actors.”