BlackTech

Actor Type: Nation State
Attributed to Nation: China
Directly Linked Intrusion Sets: Earth Hundun

BlackTech is a cyber espionage group reported as being active since at least 2010 and linked to the People's Republic of China. The group is known by various aliases, including Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, and has targeted a wide range of sectors in the U.S. and East Asia.

BlackTech employs custom malware payloads and remote access tools (RATs) to compromise victims' systems, particularly network devices. They have developed tailored persistence mechanisms for compromising routers, allowing them to disable logging and abuse trusted domain relationships for lateral movement.

According to reporting, their primary targets include government, industrial, technology, media, electronics, and telecommunication sectors, as well as entities supporting the militaries of the U.S. and Japan.

BlackTech Threat Reports

Report

People's Republic of China-Linked Cyber Actors Hide in Router Firmware

This Cybersecurity Advisory from CISA and partners details activities of the People's Republic of China (PRC)-linked cyber actors known as ...

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.