A joint advisory issued by the NSA, FBI, CISA, and Japan's NPA and NISC warns that BlackTech, a PRC-linked hacking group, has been replacing the firmware on Cisco routers with modified versions to maintain concealed persistence and carry out cyber-attacks. BlackTech has been active since 2010 and primarily targets the government, industrial, technology, media, electronics, and telecommunication sectors.

According to the advisory, once the attackers have obtained administrator access to a network edge device, they modify its firmware so they can hide their activity and maintain persistence within the network. BlackTech specifically targets branch routers, the smaller appliances that remote branch offices use to connect to a corporate headquarters. A compromised branch router carries trusted traffic into the corporate network, so the attackers can blend in with that traffic and pivot to other victims on the same network.

The group has compromised Cisco routers using custom firmware backdoors of its own making. The modified firmware disables logging and includes a built-in SSH backdoor, so the attackers' connections persist without leaving a record on the device. The attackers have also worked out a way to bypass the router's firmware signature checks, in some cases by first downgrading the device to an older legacy firmware, so that the modified image can be installed and survive reboots without being detected.

The advisory recommends that organizations monitor network devices for unexpected inbound and outbound connections, review logs for unauthorized access attempts and unexplained reboots, verify the integrity of boot records and firmware images against known-good hashes, upgrade to devices with secure boot capabilities, and apply firmware updates promptly. Cisco has stated that it found no evidence the attackers exploited a vulnerability in Cisco products: they relied on stolen or weak administrative credentials, and the firmware-modification technique applies to older legacy devices that lack secure boot.
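Two of those recommendations, reviewing logs for unauthorized access and verifying firmware against a known-good hash, can be turned into a small detection script. The following is an added example written for this article; it is not code from the advisory, from Cisco, or from Cimcor. The log lines are constructed and modelled on the Cisco IOS syslog message formats for login failures, login successes, configuration changes, and reloads; the trusted management prefix (10.20.0.0/16), the failed-login threshold, and the stand-in firmware bytes are assumptions for the example.

```python
import hashlib
import hmac
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of Cisco IOS syslog messages (not taken from the advisory).
# branch-rtr1 shows the pattern the advisory describes: password guessing from an external
# address, a successful login, a configuration change, and a reload (firmware swap).
SAMPLE_LOGS = [
    "branch-rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 01:02:03 UTC Thu Sep 28 2023",
    "branch-rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 01:02:09 UTC Thu Sep 28 2023",
    "branch-rtr1: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 01:02:15 UTC Thu Sep 28 2023",
    "branch-rtr1: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.7] [localport: 22] at 01:02:40 UTC Thu Sep 28 2023",
    "branch-rtr1: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (203.0.113.7)",
    "branch-rtr1: %SYS-5-RELOAD: Reload requested by admin on vty0 (203.0.113.7). Reload Reason: Reload Command.",
    "branch-rtr2: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.20.0.5] [localport: 22] at 01:05:00 UTC Thu Sep 28 2023",
    "branch-rtr2: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.20.0.5)",
]

# Assumed management network from which administrative access is expected.
TRUSTED_ADMIN_NETS = ["10.20.0.0/16"]

LOGIN_RE = re.compile(r"%SEC_LOGIN-\d-LOGIN_(FAILED|SUCCESS):.*?\[user: ([^\]]+)\] \[Source: ([^\]]+)\]")
CONFIG_RE = re.compile(r"%SYS-5-CONFIG_I: Configured from \S+ by (\S+) on \S+ \(([^)]+)\)")
RELOAD_RE = re.compile(r"%SYS-5-RELOAD: Reload requested by (\S+) on \S+ \(([^)]+)\)")


def parse_event(line):
    """Extract (host, kind, user, source IP) from one log line, or None if it is not of interest."""
    host = line.split(":", 1)[0]
    if m := LOGIN_RE.search(line):
        return {"host": host, "kind": "login_" + m.group(1).lower(), "user": m.group(2), "src": m.group(3)}
    if m := CONFIG_RE.search(line):
        return {"host": host, "kind": "config_change", "user": m.group(1), "src": m.group(2)}
    if m := RELOAD_RE.search(line):
        return {"host": host, "kind": "reload", "user": m.group(1), "src": m.group(2)}
    return None


def analyze_logs(lines, trusted_nets=TRUSTED_ADMIN_NETS, fail_threshold=3):
    """Return one alert (severity, host, reasons) per suspicious administrative event."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    failures = Counter()  # (host, source IP) -> failed logins seen so far
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        key = (ev["host"], ev["src"])
        if ev["kind"] == "login_failed":
            failures[key] += 1
            continue
        reasons = []
        if ev["kind"] == "login_success" and failures[key] >= fail_threshold:
            reasons.append(f"login as {ev['user']} succeeded after {failures[key]} failures")
        if not any(ipaddress.ip_address(ev["src"]) in net for net in trusted):
            reasons.append(f"{ev['kind']} by {ev['user']} from untrusted address {ev['src']}")
        if ev["kind"] == "reload":
            # A reload is how a replaced firmware image takes effect; always worth a hash check.
            reasons.append("device reloaded: verify the running image hash against the baseline")
        if reasons:
            severity = "HIGH" if any("untrusted" in r or "failures" in r for r in reasons) else "MEDIUM"
            alerts.append((severity, ev["host"], "; ".join(reasons)))
    return alerts


def image_matches_baseline(image: bytes, expected_sha256_hex: str) -> bool:
    """Offline equivalent of checking a firmware image hash against a known-good value."""
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), expected_sha256_hex)


# Constructed stand-in for a vendor image and its recorded baseline hash (not a real Cisco image).
KNOWN_GOOD_IMAGE = b"constructed-known-good-firmware-image-bytes"
BASELINE_SHA256 = hashlib.sha256(KNOWN_GOOD_IMAGE).hexdigest()

if __name__ == "__main__":
    for severity, host, reasons in analyze_logs(SAMPLE_LOGS):
        print(f"[{severity}] {host}: {reasons}")
    tampered = KNOWN_GOOD_IMAGE + b"\x90"  # any change to the image, however small, breaks the match
    print("known-good image verifies:", image_matches_baseline(KNOWN_GOOD_IMAGE, BASELINE_SHA256))
    print("tampered image verifies:  ", image_matches_baseline(tampered, BASELINE_SHA256))
```

On the constructed data the script raises three high-severity alerts, all for branch-rtr1, and none for branch-rtr2, whose activity comes from the trusted management prefix. One caveat follows directly from the advisory: because the modified firmware disables logging, a device that goes quiet is itself a signal, and a script like this can only see what the router still emits. Pair log review with out-of-band verification of the image hash, as the second function does, rather than relying on the device to report on itself.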


Continuously Monitor Network Devices

To safeguard against cyber-attacks like the BlackTech firmware hacks, organizations can take proactive measures by using next-generation file integrity monitoring software such as CimTrak. The CimTrak Integrity Suite protects against unauthorized changes to your network infrastructure by providing comprehensive visibility into, and analysis of, every change across your network. Organizations can also view side-by-side comparisons that highlight what changed and restore a previous configuration when necessary. Download the Technical Summary for more information on how CimTrak can continuously monitor your network infrastructure.


Post by Kayla Kinney
September 29, 2023
Kayla Kinney is a seasoned marketing professional with over 14 years of experience in the industry, honing her expertise in strategic marketing at a leading agency for the previous 6 years. She holds an MBA with a concentration in cybersecurity, combining her passion for marketing with a keen interest in safeguarding businesses and their customers against evolving digital threats. As the Director of Marketing and Communications, Kayla leads strategic marketing initiatives and develops effective communication strategies to promote our cutting-edge security solutions, driving brand awareness industry-wide.


About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.