Irish Information Security Forum

Advisory Warning of BlackTech, PRC-Linked Cyber Activity

Source: CISA.GOV
Release Date: Sept 27, 2023


CISA, NSA, FBI, NPA, and NISC published a Joint Cybersecurity Advisory today about malicious activity PRC-linked cyber actors known as BlackTech, which have demonstrated capabilities to modify router firmware without detection and exploit routers’ domain-trust relationships.


The authoring agencies have observed PRC-linked cyber actors leveraging this exploitation of routers to pivot from global subsidiary companies to corporate headquarter networks in the U.S. and Japan.


BlackTech actors have targeted government, industrial, technology, media, electronics, telecommunication, and defense industrial base sectors. These actors are targeting Windows, Linux, and FreeBSD operating systems using remote access tools (RATs) and several different custom malware payloads, such as BendyBear, FakeDead, and FlagPro, along with using living off the land technique to evade detection and blend in with normal operations and activities and appear legitimate.


“With our U.S. and international partners, CISA continues to call urgent attention to China’s sophisticated and aggressive global cyber operations to gain persistent access and, in the case of BlackTech actors, steal intellectual property and sensitive data . Today’s joint advisory with our partners in Japan highlights our extensive and persistent collaboration to provide actionable and timely guidance to businesses, government and critical infrastructure. BlackTech activity targets a wide range of public organizations and private industries across the U.S. and East Asia. We encourage all organizations to review the advisory, take action to mitigate risk, report any evidence of anomalous activity, and continue to visit cisa.gov/china for ongoing updates about the heightened risk posed by PRC cyber actors.”

Eric Goldstein, Executive Assistant Director for Cybersecurity


With partners in the NSA, FBI, and Government of Japan, CISA urges critical infrastructure and private sector organizations to apply the recommended mitigations in this advisory to strengthen their cyber defenses and reduce threat of compromise from BlackTech.

Read the full Advisory

cyber actors hide in router firmware


If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland



Invitations for Annual Sponsorship of IISF has now reopened.

Sponsorship of IISF Opportunity
(your logo & profile link here)


Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more


secured by edgescan digital security radar logo

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy Statement  - Sponsorship  - Cybersecurity News Topics  - Cybersecurity Resources  - Produced by
LinkedIn Twitter