US and Japan warn of Chinese hackers backdooring Cisco routers (Security News, September 2023)

US and Japanese law enforcement and cybersecurity agencies warn that the Chinese 'BlackTech' hacking group is breaching network devices and installing custom backdoors to gain access to corporate networks.
The FBI notice warns that the BlackTech hackers use custom, regularly updated malware to backdoor network devices; the compromised devices are then used for persistence, for initial access to networks, and for data theft by redirecting traffic to attacker-controlled servers.
For Cisco routers in particular, researchers have observed the attackers enabling and disabling an SSH backdoor using specially crafted TCP or UDP packets sent to the devices.
The threat actors have also been observed patching the memory of Cisco devices to bypass the Cisco ROM Monitor's signature validation functions.
The advisory recommends that system administrators monitor for unauthorized downloads of bootloader and firmware images and for unusual device reboots, since both can indicate that modified firmware is being loaded onto a router.
The US, UK, and Cisco warned in April of attacks on Cisco IOS devices by the Russian APT28 state-sponsored hacking group, which deployed custom malware to steal data and pivot to internal devices.
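The monitoring the advisory recommends can be expressed as a small detection rule over router syslog. The following is an added example (not code from the advisory, the agencies, or Cisco) that scans syslog lines for image copies from sources outside an approved image repository and for reloads that are either outside a maintenance window or follow an unapproved image copy on the same device. The sample log lines, hostnames, addresses, the approved-source list and the maintenance window are all constructed assumptions, and the `%FS-5-COPY` / `%SYS-5-RELOAD` message formats are assumed approximations of Cisco IOS syslog rather than verified device output; the regexes should be adapted to what the devices in your estate actually emit.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample syslog lines. Timestamps, hostnames, addresses and the
# message formats are assumptions for illustration; they are loosely modelled
# on Cisco IOS syslog conventions but are not verified output from any device.
SAMPLE_LOGS = [
    "Sep 27 2023 03:12:01 core-rtr1 %SYS-5-RELOAD: Reload requested by admin on vty0 (10.0.0.5). Reload reason: scheduled maintenance",
    "Sep 27 2023 03:14:40 core-rtr1 %SYS-5-RESTART: System restarted -- Cisco IOS Software",
    "Sep 28 2023 02:03:15 edge-rtr2 %FS-5-COPY: Copied tftp://203.0.113.77/c2900-universalk9.bin to bootflash:c2900-universalk9.bin",
    "Sep 28 2023 02:05:30 edge-rtr2 %SYS-5-RELOAD: Reload requested by svc on vty1 (203.0.113.77). Reload reason: Reload command",
    "Sep 28 2023 14:22:07 dist-rtr3 %SYS-5-RELOAD: Reload requested by admin on vty0 (10.0.0.5). Reload reason: Reload command",
    "Sep 28 2023 22:10:44 dist-rtr3 %FS-5-COPY: Copied tftp://10.0.0.20/rommon-upgrade.pkg to bootflash:rommon-upgrade.pkg",
]

# Assumed site policy: the only host allowed to serve images, and the hours
# (local time) during which planned reloads are expected.
APPROVED_IMAGE_SOURCES = {"10.0.0.20"}
MAINTENANCE_HOURS = range(1, 5)          # 01:00 to 04:59
IMAGE_SUFFIXES = (".bin", ".pkg", ".spa")  # firmware / bootloader image names

# Assumed message layouts: "<timestamp> <host> %FACILITY-SEV-MNEMONIC: text".
_PREFIX = r"^(?P<ts>\w{3} +\d{1,2} \d{4} (?P<hour>\d{2}):\d{2}:\d{2}) (?P<host>\S+) "
COPY_RE = re.compile(_PREFIX + r"%FS-5-COPY: Copied (?P<url>\S+) to (?P<dest>\S+)")
RELOAD_RE = re.compile(
    _PREFIX + r"%SYS-5-RELOAD: Reload requested by (?P<user>\S+) on (?P<line>\S+) \((?P<src>[^)]+)\)"
)


@dataclass
class Alert:
    host: str
    severity: str
    reason: str


def detect(lines, approved_sources=APPROVED_IMAGE_SOURCES, maintenance_hours=MAINTENANCE_HOURS):
    """Return alerts for image downloads from unapproved sources and for reloads
    that are unexpected, either because they fall outside the maintenance window
    or because they follow an unapproved image download on the same device."""
    alerts = []
    tainted_hosts = set()  # devices that received an image from an unapproved source
    for line in lines:
        m = COPY_RE.match(line)
        if m:
            url = m["url"]
            if not url.lower().endswith(IMAGE_SUFFIXES):
                continue  # config or other non-image copies are out of scope here
            source = urlparse(url).hostname
            if source not in approved_sources:
                tainted_hosts.add(m["host"])
                alerts.append(Alert(m["host"], "high",
                                    f"image {url} downloaded from unapproved source {source}"))
            continue
        m = RELOAD_RE.match(line)
        if m:
            host = m["host"]
            hour = int(m["hour"])
            if host in tainted_hosts:
                # A reboot right after an unapproved image copy is the pattern the
                # advisory describes for loading modified firmware.
                alerts.append(Alert(host, "high",
                                    f"reload by {m['user']} from {m['src']} after unapproved "
                                    f"image download; possible modified firmware load"))
            elif hour not in maintenance_hours:
                alerts.append(Alert(host, "medium",
                                    f"reload by {m['user']} from {m['src']} at {m['ts']} "
                                    f"outside maintenance window"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"[{a.severity}] {a.host}: {a.reason}")
```

Run against the constructed lines, the scan produces two high-severity alerts for edge-rtr2 (an image pulled from an address outside the approved repository, then a reload from that same address) and one medium alert for dist-rtr3's daytime reload; the in-window reload on core-rtr1 and the approved ROMMON package copy on dist-rtr3 produce nothing. Correlating the copy and the reload per device is the part worth keeping: either event alone is routine on a managed router, but the sequence is what the advisory tells administrators to look for.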