The Cybersecurity and Infrastructure Security Agency (CISA), along with other agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), have released a joint advisory about cyber attacks originating from China. The advisory focuses on a group known as BlackTech, which has the ability to modify router firmware undetected and exploit trust relationships between routers. These actors have targeted various sectors including government, technology, media, and defense. They use different malware payloads and employ techniques to evade detection. CISA emphasizes the importance of implementing mitigations to strengthen cyber defenses against BlackTech’s activities.
https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-japan-release-advisory-warning-blacktech-prc-linked-cyber-activity