Security News > 2023 > September > US and Japan warn of Chinese hackers backdooring Cisco routers
US and Japanese law enforcement and cybersecurity agencies warn of the Chinese 'BlackTech' hackers breaching network devices to install custom backdoors for access to corporate networks.
The FBI notice warns that the BlackTech hackers use custom, regularly updated malware to backdoor network devices, which are used for persistence, initial access to networks, and to steal data by redirecting traffic to attacker-controlled servers.
For Cisco routers in particular, researchers have observed the attackers enabling and disabling an SSH backdoor by using specially crafted TCP or UDP packets that are sent to the devices.
The threat actors have also been observed patching the memory of Cisco devices to bypass the Cisco ROM Monitor's signature validation functions.
The advisory advises system administrators to monitor for unauthorized downloads of bootloader and firmware images and unusual device reboots that could be part of loading modified firmware on routers.
The US, UK, and Cisco warned in April of attacks on Cisco iOS devices by the Russian APT28 state-sponsored hacking group, which deployed custom malware to steal data and pivot to internal devices.
News URL
Related news
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese hackers compromised an ISP to deliver malicious software updates (source)
- CISA warns of hackers abusing Cisco Smart Install feature (source)
- CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature (source)
- US warns of Iranian hackers escalating influence operations (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- US offers $2.5 million reward for hacker linked to Angler Exploit Kit (source)
- Hackers inject malicious JS in Cisco store to steal credit cards, credentials (source)
- Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)