Radio Panda

Threat Actor Profile (updated 3 months ago)
Radio Panda, also known as BlackTech, Palmerworm, Temp.Overboard, and Circuit Panda, is a state-sponsored Chinese Advanced Persistent Threat (APT) group that has been conducting cyber espionage attacks since at least 2010. This threat actor has targeted various sectors, including government, industrial, technology, media, electronics, telecommunication, and entities supporting the militaries of the U.S. and Japan. The group has been particularly active in exploiting routers, specifically those from Cisco Systems Inc., modifying their firmware to conceal its activities and establish persistence within the networks.

In recent developments, U.S. and Japanese intelligence, law enforcement, and cybersecurity agencies have issued warnings about Radio Panda's malicious activities. In particular, they have highlighted the group's strategy of planting backdoors in Cisco router firmware to gain access to multinational companies' networks. This tactic allows the threat actor to pivot from smaller, international subsidiaries to the headquarters of affected organizations, replacing device firmware with its own malicious version.

The NSA has underscored the severity of the threats from foreign intelligence, highlighting the active targeting and exploitation of routers by this alleged Chinese-linked hacking group. These actions demonstrate the decades-long pattern of intellectual property theft and exploitation by our adversaries, and there are concerns about their potential misuse of advances in AI. The persistent and advanced capabilities demonstrated by Radio Panda pose significant cybersecurity risks to both government entities and private sector organizations across multiple industries.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so here are some possibly overlapping names and profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| BlackTech | 4 | BlackTech is a threat actor, or a group responsible for carrying out malicious cyber activities. Known for its links to China, BlackTech focuses on gathering intelligence from technology and government organizations, predominantly in the Asia-Pacific region. This group has shown a high degree of sop |
| Circuit Panda | 1 | Circuit Panda, also known as BlackTech, HUAPI, Manga Taurus, Palmerworm, Red Djinn, and Temp.Overboard, is a significant threat actor with a history of operating against targets in East Asia, particularly Taiwan, Japan, and Hong Kong since at least 2007. This group is part of a constellation of adva |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Firmware
APT
Exploit
Espionage
State Sponso...
Cisco
NSA
Backdoor
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Radio Panda Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| Securityaffairs | 9 months ago | MI5 chief warns of Chinese cyber espionage reached an unprecedented scale |
| CISA | 10 months ago | People's Republic of China-Linked Cyber Actors Hide in Router Firmware \| CISA |
| CERT-EU | 10 months ago | Backdoored firmware lets China state hackers control routers with “magic packets” |
| CERT-EU | 10 months ago | Don’t Say ‘Skynet’ — NSA’s AI Security Center is New Hub for Agency Efforts |
| CERT-EU | 10 months ago | Government-sponsored Chinese hackers are "hiding" inside Cisco routers |
| CERT-EU | 10 months ago | Cyber Security Today, Sept. 29, 2023 – Protect your routers from this attacker, new open-source malware packages found, and more \| IT World Canada News |
| CERT-EU | 10 months ago | China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge? |
| CERT-EU | 10 months ago | Chinese 'BlackTech' hackers backdoor Cisco routers to breach orgs in the US, Japan |
| Securityaffairs | 10 months ago | China-linked APT BlackTech was spotted hiding in Cisco router firmware |
| CERT-EU | 10 months ago | Routers have been rooted by Chinese spies US and Japan warn |
| DARKReading | 10 months ago | China APT Cracks Cisco Firmware in Attacks Against the US and Japan |
| CERT-EU | 10 months ago | US and Japan warn of Chinese hackers backdooring Cisco routers |