The warning came on the heels of a Washington briefing which said Chinese state-linked hackers had stolen 60,000 emails from 10 State Department accounts
American and Japanese authorities have warned multinational companies about the sophisticated hacking practices of China-linked group BlackTech, in an advisory issued late on Wednesday.
Authorities urged firms to review the internet routers at their subsidiaries, saying BlackTech was capable of “modifying router firmware without detection”.
The warning came on the heels of a US State Department briefing in which officials told lawmakers that Chinese state-linked hackers had stolen 60,000 emails from 10 State Department accounts.
The hack they were referring to was revealed in July when US officials and Microsoft said that Chinese state-linked hackers had accessed email accounts at around 25 organisations since May.
Affected government departments included the US Commerce and State Departments, with the hackers also breaching the account of US Commerce secretary Gina Raimondo. The overall extent of the breach still remains unclear.
However, a staffer working for US senator Eric Schmitt told Reuters that nine of the affected individuals were working on East Asia and the Pacific and one worked on Europe.
The State Department individuals whose accounts were compromised mostly focused on Indo-Pacific diplomacy efforts, and the hackers also obtained a list containing all of the department’s emails, according to the Wednesday briefing.
US allegations that China was behind the breach, which resulted from hackers compromising a Microsoft engineer’s device, worsened already strained ties between the world’s two biggest economies. Beijing denied the charges.
BlackTech also focused on East Asia
The US and East Asia emerged as key targets of the BlackTech hacking group as well, based on briefings by American and Japanese agencies.
BlackTech works by “exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets,” said the advisory issued by the US National Security Agency, Federal Bureau of Investigation and Japanese police.
The joint advisory also came from the US Cybersecurity and Infrastructure Security Agency and its Japanese counterpart.
BlackTech has been engaging in cyberattacks on governments and tech-sector companies in the United States and East Asia since around 2010, Japan’s National Police Agency said in a separate statement.
In 2020, self-ruled Taiwan’s security authority reported cyberattacks on some 6,000 government officials’ email accounts by BlackTech and another hacking group, Taidoor, saying both were likely backed by the Chinese Communist Party.
Japan, a key US ally in East Asia along with South Korea, was also allegedly attacked by Chinese military hackers that gained access to its classified defence networks in 2020, the Washington Post said last month.
Amid heightening tensions between Washington and Beijing, US security officials are raising the tone of their warnings about China’s cyberattack capabilities.
FBI chief Chris Wray said earlier this month that China “has a bigger hacking program than every other major nation combined”.