BlackTech is a Chinese cyber threat group that has targeted organizations across East Asia and the United States since 2013. In East Asia, BlackTech has focused on targets in Hong Kong, Japan, and Taiwan. BlackTech has successfully compromised the infrastructure and networks of financial, construction, engineering, media, and electronics organizations. Security researchers also track BlackTech under the names Palmerworm and Circuit Panda.
BlackTech’s calling cards include a suite of customized malware, the use of legitimate tools, and other living-off-the-land tactics. BlackTech is known for signing its malware with stolen digital certificates and for using API hooking, a technique whereby API calls can be viewed, intercepted, and modified before they reach the function the caller intended.
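The inline form of API hooking described above overwrites the first instructions of a function in a loaded DLL with a jump to attacker code, so the bytes in memory no longer match the bytes in the file on disk. The following Python is an added illustration of how a defender can surface that mismatch; it is not BlackTech tooling or Bugcrowd code. The export names and byte strings are constructed for the example, and the two dictionaries stand in for data that on a real Windows host would be read from the DLL file and from process memory respectively.

```python
"""Heuristic inline-hook check: compare each exported function's first bytes
as loaded in memory against the same bytes in the on-disk image, then label
mismatches that begin with a known trampoline pattern.

Added example. The export names and bytes below are constructed; on a real
host the inputs would come from parsing the DLL on disk (e.g. with pefile)
and reading the mapped module (ReadProcessMemory), which is not done here."""

PROLOGUE_LEN = 16  # bytes compared per export; inline hooks patch the first 5-14

# x86-64 opcode sequences that commonly start an inline-hook trampoline.
# Each entry is (label, predicate over the in-memory prologue bytes).
HOOK_PATTERNS = [
    ("jmp rel32", lambda b: b[0:1] == b"\xe9"),
    ("jmp [rip+disp32]", lambda b: b[0:2] == b"\xff\x25"),
    ("push imm32; ret", lambda b: b[0:1] == b"\x68" and b[5:6] == b"\xc3"),
    ("mov rax, imm64; jmp rax",
     lambda b: b[0:2] == b"\x48\xb8" and b[10:12] == b"\xff\xe0"),
]


def classify_prologue(mem: bytes):
    """Return the matching trampoline label, or None if no pattern applies."""
    for label, match in HOOK_PATTERNS:
        if match(mem):
            return label
    return None


def find_inline_hooks(disk_exports: dict, mem_exports: dict):
    """Compare prologues export by export.

    disk_exports / mem_exports map export name -> first PROLOGUE_LEN bytes.
    Returns a list of (export name, reason) for every export whose in-memory
    prologue differs from disk or is missing from the loaded image."""
    findings = []
    for name, disk_bytes in disk_exports.items():
        mem_bytes = mem_exports.get(name)
        if mem_bytes is None:
            findings.append((name, "export missing from loaded image"))
            continue
        if mem_bytes[:PROLOGUE_LEN] == disk_bytes[:PROLOGUE_LEN]:
            continue  # unchanged, nothing to report
        label = classify_prologue(mem_bytes)
        reason = (f"prologue modified ({label})" if label
                  else "prologue modified (unknown pattern)")
        findings.append((name, reason))
    return findings


# Constructed sample: a syscall-stub-like prologue (mov r10, rcx; mov eax, N; ...)
# as it appears on disk, reused for three hypothetical exports.
_DISK_STUB = b"\x4c\x8b\xd1\xb8\x55\x00\x00\x00\xf6\x04\x25\x08\x03\xfe\x7f\x01"


def demo():
    """Run the check over constructed data and return the findings."""
    disk = {"NtCreateFile": _DISK_STUB, "NtClose": _DISK_STUB, "NtOpenFile": _DISK_STUB}
    mem = {
        # first five bytes replaced with a relative jump, rest untouched
        "NtCreateFile": b"\xe9\x10\x20\x30\x00" + _DISK_STUB[5:],
        # not hooked
        "NtClose": _DISK_STUB,
        # absolute jump through rax (12-byte trampoline), rest untouched
        "NtOpenFile": b"\x48\xb8" + b"\x11" * 8 + b"\xff\xe0" + _DISK_STUB[12:],
    }
    return find_inline_hooks(disk, mem)


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

Treat the output as a triage signal rather than a verdict: endpoint security products and application-compatibility shims also install inline hooks legitimately, and on 32-bit images a prologue can legitimately differ from disk because of relocations. The opcode classification narrows attention to mismatches shaped like a trampoline, which is where a follow-up (resolving the jump target and checking which module, if any, owns it) is worthwhile.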
Security researchers have noted that BlackTech remains active and has been using new types of malware to target many industry and government sectors in China, Japan, and Taiwan. In mid-2020, the Taiwanese government stated that the BlackTech threat actors were working for, and aligned with, the Chinese Communist Party. In support of the CCP, BlackTech has targeted a broad set of Taiwanese commercial and government organizations.
Custom tools that have been observed being used by BlackTech include:
Legitimate tools being used by BlackTech in support of malicious activities include: