Nation-State Actor
BlackTech
China • Active since 2010
BlackTech hacks into routers at the network edge and installs hidden backdoors. Because routers are rarely checked, the backdoors can stay hidden for years while data is stolen from the network.
Overview
BlackTech is a Chinese state-sponsored threat group that targets technology companies in Taiwan, Japan, and the United States. They specialize in modifying router firmware to maintain persistent access.
Also Known As
Palmerworm, Circuit Panda, Radio Panda
Target Industries
Technology, Government, Electronics, Telecommunications, Defense
Target Regions
Taiwan, Japan, United States, Hong Kong
Tactics, Techniques & Procedures
- Router firmware modification
- Supply chain compromise
- Stolen code signing certificates
- Living off the land
- Custom backdoors
Known Tools & Malware
Waterbear, PLEAD, TSCookie, BendyBear, Flagpro
Notable Campaigns
Router Infrastructure Compromise (2023)
NSA/CISA advisory about BlackTech router compromises.
Taiwan Technology Targeting (2019-present)
Long-running operations against Taiwan's technology sector.
MITRE ATT&CK Techniques
T1542.004, T1195, T1553.002, T1059, T1071
Defense Recommendations
1. Verify router firmware integrity
2. Disable router remote management
3. Monitor for firmware changes