BlackTech Unmasked
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Command And Scripting Interpreter; Masquerading; Obfuscated Files Or Information
country: China; Hong Kong; Japan; Taiwan; United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Direct
  Application Layer Protocol - T1437
  Archive Via Utility - T1560.001
  Boot Or Logon Autostart Execution - T1547
  Cloud Services - T1021.007
  Code Signing - T1553.002
  Code Signing Certificates - T1588.003
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Credentials From Password Stores - T1555
  Credentials From Web Browsers - T1555.003
  Credentials From Web Browsers - T1503
  Data From Local System - T1533
  Digital Certificates - T1596.003
  Digital Certificates - T1587.003
  Digital Certificates - T1588.004
  Dll Side-Loading - T1574.002
  Domains - T1583.001
  Domains - T1584.001
  Downgrade Attack - T1562.010
  Downgrade System Image - T1601.002
  Encrypted Channel - T1573
  Exfiltration Over C2 Channel - T1646
  Exfiltration To Cloud Storage - T1567.002
  Exploitation Of Remote Services - T1428
  Exploitation For Client Execution - T1658
  Exploits - T1587.004
  Exploits - T1588.005
  External Proxy - T1090.002
  File And Directory Discovery - T1420
  File Transfer Protocols - T1071.002
  Firmware - T1592.003
  Hardware - T1592.001
  Hooking - T1617
  Impair Command History Logging - T1562.003
  Impair Defenses - T1562
  Indicator Blocking - T1562.006
  Indicator Removal From Tools - T1027.005
  Junk Data - T1001.001
  Keylogging - T1056.001
  Keylogging - T1417.001
  Malicious File - T1204.002
  Malicious Link - T1204.001
  Malware - T1587.001
  Malware - T1588.001
  Masquerading - T1655
  Obfuscated Files Or Information - T1406
  Process Discovery - T1424
  System Information Discovery - T1426
  Native Api - T1575
  Network Device Authentication - T1556.004
  Network Devices - T1584.008
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Registry Run Keys / Startup Folder - T1547.001
  Remote Desktop Protocol - T1021.001
  Right-To-Left Override - T1036.002
  Scheduled Task - T1053.005
  Screen Capture - T1513
  Server - T1583.004
  Server - T1584.004
  Service Execution - T1569.002
  Smb/Windows Admin Shares - T1021.002
  Software - T1592.002
  Spearphishing Attachment - T1566.001
  Spearphishing Link - T1566.002
  Ssh - T1021.004
  Symmetric Cryptography - T1521.001
  Symmetric Cryptography - T1573.001
  Windows Command Shell - T1059.003
  Visual Basic - T1059.005
  Web Protocols - T1071.001
  Web Services - T1583.006
  Web Services - T1584.006
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Standard Application Layer Protocol - T1071
  Application Window Discovery - T1010
  Automated Collection - T1119
  Bits Jobs - T1197
  Code Signing - T1116
  Command-Line Interface - T1059
  Connection Proxy - T1090
  Data Encoding - T1132
  Data From Local System - T1005
  Data Obfuscation - T1001
  Data Transfer Size Limits - T1030
  Deobfuscate/Decode Files Or Information - T1140
  Disabling Security Tools - T1089
  Dll Side-Loading - T1073
  Execution Through Api - T1106
  Exfiltration Over Command And Control Channel - T1041
  Exploit Public-Facing Application - T1190
  Exploitation For Client Execution - T1203
  Exploitation Of Remote Services - T1210
  File And Directory Discovery - T1083
  Hooking - T1179
  Indicator Blocking - T1054
  Masquerading - T1036
  Modify Registry - T1112
  Network Service Scanning - T1046
  Obfuscated Files Or Information - T1027
  Powershell - T1086
  Process Discovery - T1057
  Registry Run Keys / Start Folder - T1060
  Remote Desktop Protocol - T1076
  Remote Services - T1021
  Scheduled Task - T1053
  Scheduled Transfer - T1029
  Screen Capture - T1113
  Service Execution - T1035
  System Information Discovery - T1082
  Windows Management Instrumentation - T1047
  Trusted Relationship - T1199
  User Execution - T1204
  Automated Collection
  Exploitation Of Remote Services
  Hooking
  Masquerading
  Screen Capture
  User Execution
Common Information
Type Value
UUID e7a8ebc2-157f-40e5-984a-7dc85fbabd6d
Fingerprint d41551190737cd81
Analysis status DONE
Considered CTI value 2
Text language
Published April 12, 2025, 6:01 p.m.
Added to db April 12, 2025, 8:24 p.m.
Last updated April 17, 2025, 11:19 p.m.
Headline BlackTech Unmasked
Title BlackTech Unmasked
Detected Hints/Tags/Attributes 287/4/102
RSS Feed
Id | Enabled | Feed title | Url | Added to db
167 | | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08
Attributes
Type | #Events | Value
CVE | 192 | cve-2012-0158
CVE | 64 | cve-2015-5119
CVE | 39 | cve-2017-7269
CVE | 22 | cve-2014-6352
CVE | 322 | cve-2017-0199
Domain | 675 | www.cisa.gov
Domain | 118 | malpedia.caad.fkie.fraunhofer.de
Domain | 304 | learn.microsoft.com
Domain | 476 | attack.mitre.org
Domain | 152 | www.ncsc.gov.uk
Domain | 7 | security.com
Domain | 15 | www.security.com
Domain | 409 | thehackernews.com
Domain | 176 | therecord.media
File | 2621 | cmd.exe
File | 2 | csa_blacktech_hide_in_routers_tlp-clear.pdf
File | 2 | mpressioncss_ta_report_2019_4_en.pdf
File | 1 | chinese-apt-group-targets-media-finance.html
File | 1 | blacktech-targets-tech-research-and-gov.html
File | 1 | following-trail-blacktech-cyber-espionage-campaigns.html
Mandiant Temporary Group Assumption | 7 | TEMP.OVERBOARD
MITRE ATT&CK Techniques | 5 | T1036.002
MITRE ATT&CK Techniques | 518 | T1566
MITRE ATT&CK Techniques | 408 | T1566.001
MITRE ATT&CK Techniques | 237 | T1566.002
MITRE ATT&CK Techniques | 671 | T1190
MITRE ATT&CK Techniques | 279 | T1203
MITRE ATT&CK Techniques | 468 | T1204
MITRE ATT&CK Techniques | 133 | T1204.001
MITRE ATT&CK Techniques | 464 | T1204.002
MITRE ATT&CK Techniques | 278 | T1106
MITRE ATT&CK Techniques | 806 | T1059
MITRE ATT&CK Techniques | 419 | T1059.003
MITRE ATT&CK Techniques | 606 | T1059.001
MITRE ATT&CK Techniques | 173 | T1059.005
MITRE ATT&CK Techniques | 5 | T1556.004
MITRE ATT&CK Techniques | 13 | T1562.003
MITRE ATT&CK Techniques | 608 | T1112
MITRE ATT&CK Techniques | 344 | T1053.005
MITRE ATT&CK Techniques | 203 | T1021.001
MITRE ATT&CK Techniques | 527 | T1053
MITRE ATT&CK Techniques | 77 | T1021.004
MITRE ATT&CK Techniques | 274 | T1574.002
MITRE ATT&CK Techniques | 40 | T1588.003
MITRE ATT&CK Techniques | 406 | T1036
MITRE ATT&CK Techniques | 69 | T1553.002
MITRE ATT&CK Techniques | 22 | T1588.004
MITRE ATT&CK Techniques | 752 | T1027
MITRE ATT&CK Techniques | 268 | T1562
MITRE ATT&CK Techniques | 19 | T1562.006
MITRE ATT&CK Techniques | 53 | T1027.005
MITRE ATT&CK Techniques | 180 | T1090
MITRE ATT&CK Techniques | 44 | T1090.002
MITRE ATT&CK Techniques | 212 | T1555
MITRE ATT&CK Techniques | 166 | T1555.003
MITRE ATT&CK Techniques | 165 | T1056.001
MITRE ATT&CK Techniques | 209 | T1046
MITRE ATT&CK Techniques | 1143 | T1082
MITRE ATT&CK Techniques | 513 | T1057
MITRE ATT&CK Techniques | 688 | T1083
MITRE ATT&CK Techniques | 90 | T1010
MITRE ATT&CK Techniques | 132 | T1210
MITRE ATT&CK Techniques | 179 | T1021.002
MITRE ATT&CK Techniques | 207 | T1021
MITRE ATT&CK Techniques | 71 | T1199
MITRE ATT&CK Techniques | 604 | T1005
MITRE ATT&CK Techniques | 130 | T1119
MITRE ATT&CK Techniques | 264 | T1113
MITRE ATT&CK Techniques | 525 | T1071
MITRE ATT&CK Techniques | 557 | T1071.001
MITRE ATT&CK Techniques | 36 | T1071.002
MITRE ATT&CK Techniques | 195 | T1573
MITRE ATT&CK Techniques | 154 | T1573.001
MITRE ATT&CK Techniques | 1 | T1071.009
MITRE ATT&CK Techniques | 522 | T1041
MITRE ATT&CK Techniques | 26 | T1029
MITRE ATT&CK Techniques | 43 | T1030
MITRE ATT&CK Techniques | 208 | T1569.002
MITRE ATT&CK Techniques | 141 | T1560.001
MITRE ATT&CK Techniques | 363 | T1047
MITRE ATT&CK Techniques | 569 | T1140
MITRE ATT&CK Techniques | 48 | T1197
MITRE ATT&CK Techniques | 2 | T1601.002
Url | 1 | https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/china/publications
Url | 1 | https://www.cisa.gov/news-events/news/cisa-nsa-fbi-and-japan-release-advisory-warning-blacktech-prc-linked-cyber-activity
Url | 2 | https://media.defense.gov/2023/sep/27/2003309107/-1/-1/0/csa_blacktech_hide_in_routers_tlp-clear.pdf
Url | 2 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
Url | 1 | https://malpedia.caad.fkie.fraunhofer.de/actor/blacktech
Url | 1 | https://ics-cert.kaspersky.com/publications/reports/2024/04/02/apt-and-financial-attacks-on-industrial-organizations-in-h2-2023
Url | 1 | https://www.kratosdefense.com/constellations/articles/living-off-the-land-techniques-pose-a-persistent-cyber-threat-to-space-critical-infrastructure
Url | 1 | https://www.macnica.co.jp/business/security/manufacturers/files/mpressioncss_ta_report_2019_4_en.pdf
Url | 1 | https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
Url | 18 | https://attack.mitre.org/groups
Url | 1 | https://attack.mitre.org/groups/g0098
Url | 2 | https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software
Url | 4 | https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Url | 1 | https://www.security.com/threat-intelligence/palmerworm-blacktech-espionage-apt
Url | 1 | https://thehackernews.com/2020/09/chinese-apt-group-targets-media-finance.html
Url | 1 | https://thehackernews.com/2024/04/blacktech-targets-tech-research-and-gov.html
Url | 1 | https://therecord.media/us-japan-say-chinese-hackers-routers
Url | 1 | https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html
Url | 1 | https://www.picussecurity.com/resource/blog/blacktech-apt-group-targets-us-and-japan-cisa-alert-aa23-270a