Security News > 2023 > September > US and Japan warn of Chinese hackers backdooring Cisco routers
US and Japanese law enforcement and cybersecurity agencies warn of the Chinese 'BlackTech' hackers breaching network devices to install custom backdoors for access to corporate networks.
The FBI notice warns that the BlackTech hackers use custom, regularly updated malware to backdoor network devices, which are used for persistence, initial access to networks, and to steal data by redirecting traffic to attacker-controlled servers.
For Cisco routers in particular, researchers have observed the attackers enabling and disabling an SSH backdoor by using specially crafted TCP or UDP packets that are sent to the devices.
The threat actors have also been observed patching the memory of Cisco devices to bypass the Cisco ROM Monitor's signature validation functions.
The advisory advises system administrators to monitor for unauthorized downloads of bootloader and firmware images and unusual device reboots that could be part of loading modified firmware on routers.
The US, UK, and Cisco warned in April of attacks on Cisco iOS devices by the Russian APT28 state-sponsored hacking group, which deployed custom malware to steal data and pivot to internal devices.
News URL
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese hackers breached T-Mobile's routers to scope out network (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Cisco bug lets hackers run commands as root on UWRB access points (source)
- US indicts Snowflake hackers who extorted $2.5 million from 3 victims (source)