Radio Panda, also known as BlackTech, Palmerworm, Temp.Overboard, and Circuit Panda, is a state-sponsored Chinese Advanced Persistent Threat (APT) group that has been conducting cyber espionage attacks since at least 2010. This threat actor has targeted various sectors, including government, industrial, technology, media, electronics, telecommunication, and entities supporting the militaries of the U.S. and Japan. The group has been particularly active in exploiting routers, specifically those from Cisco Systems Inc., modifying their firmware to conceal its activities and establish persistence within the networks.
U.S. and Japanese intelligence, law enforcement, and cybersecurity agencies have recently issued warnings about Radio Panda's malicious activities. In particular, they have highlighted the group's strategy of planting backdoors in Cisco router firmware to gain access to multinational companies' networks. By replacing device firmware with its own malicious version, the threat actor can pivot from smaller, international subsidiaries to the headquarters of affected organizations.
The NSA has underscored the severity of the threats from foreign intelligence, highlighting the active targeting and exploitation of routers by this alleged Chinese-linked hacking group. These actions demonstrate the decades-long pattern of intellectual property theft and exploitation by our adversaries, and there are concerns about their potential misuse of advances in AI. The persistent and advanced capabilities demonstrated by Radio Panda pose significant cybersecurity risks to both government entities and private sector organizations across multiple industries.
Description last updated: 2024-05-04T16:41:28.702Z