The joint advisory that CISA, NSA, FBI, and Japan's NPA released on 27 September 2023 — AA23-270A, titled "People's Republic of China-Linked Cyber Actors Hide in Router Firmware" — was one of the clearer public descriptions of a class of intrusion that defenders have been quietly dealing with for years. BlackTech, a cluster that Mandiant and TeamT5 have tracked since at least 2010, had been modifying firmware on Cisco IOS routers at subsidiaries of multinationals in Japan, Taiwan, and the United States, then pivoting from those routers back into the parent corporation's network. The operation was not loud. The advisory notes that some of the implants had persisted for years.
Firmware-level supply chain compromise is the hard problem the industry has been dancing around for a long time. Most vulnerability management programs stop at the kernel. Most SBOM programs stop at the application layer. A router whose running image has been surgically modified by a capable adversary is a piece of infrastructure that does not appear on your CVE dashboard and does not show up in your EDR telemetry, but does have line-of-sight to every packet that flows through it.
What BlackTech actually did
The AA23-270A advisory, combined with the technical appendices TeamT5 published in October 2023, describes a sequence that matters less for its novelty and more for its patience. The operators first compromised a subsidiary's internal network through more conventional means — phishing, credential theft, exploitation of an exposed service. Once they had administrative access to a subsidiary's Cisco router, they installed a modified IOS image that bypassed signature checks and provided a covert SSH listener.
The technical specifics are what made the implant so hard to find. The modified firmware disabled logging for the SSH backdoor. It accepted a magic packet that enabled or disabled the backdoor on demand, so the attacker's footprint on the device was near zero when they were not actively using it. And crucially, the modified image was loaded into the router's boot chain in a way that survived normal firmware updates performed by the administrator, because the implant's loader replaced the verified-boot check with a no-op.
TeamT5 published hashes for several of the modified IOS images. The industry response was uneven. Vendors whose devices were implicated shipped patches and advisories. Network operators who had never before pulled a firmware image off a production router and hashed it suddenly had to learn how.
Why this is a supply chain problem
The BlackTech case is usually framed as a threat-actor story. It is also a supply chain story, and that framing is the one that produces useful defensive action.
Your router's firmware is, from your organization's perspective, software that arrived from somewhere else. It was written by Cisco, signed by Cisco, and distributed by Cisco. That is a supply chain. When an attacker replaces the running image with a modified version and your monitoring does not notice, you have lost integrity over a critical piece of the supply chain. The fact that the substitution happened during an intrusion rather than during manufacturing does not change what was compromised — the integrity of the software running on the device. What it changes is the defensive control that would have caught it.
Hardware-root-of-trust features like Cisco's Secure Boot and Trust Anchor Module would have made the BlackTech implant far harder to install and much harder to hide. But those features are generational — they only exist on newer hardware, and they only work when the operator has enabled and monitored them. Many of the routers in the AA23-270A advisory were older models without the hardware anchors, running IOS images that had been placed on the device years before the implant arrived.
The dwell-time problem
One striking detail from the Japanese NPA's October 2023 briefing was that several of the implanted routers had been in a compromised state for more than two years before discovery. Two years is a long time for an adversary to have access to every packet crossing the subsidiary-to-parent link of a multinational corporation. During that window, the attackers had access to credentials, intellectual property, and operational data that flowed through the device. No EDR product was going to catch this because no EDR product runs on a Cisco router. No SIEM was going to catch it because the implant had disabled its own logging.
The mechanism that eventually caught some of these implants, according to TeamT5 and subsequent reporting from researchers presenting IDA-Pro-based analysis at Black Hat Asia 2024, was boring: someone at the victim organization compared the SHA-256 of the running image to the SHA-256 Cisco published for that version, and the hashes did not match.
CVE context and the industry response
BlackTech's firmware work did not rely on a single CVE. The operators used known and patched issues as initial entry points — CVE-2017-3881, the SNMP remote code execution in IOS that had been patched for years but still existed on a surprising number of production devices, showed up in some of the investigations — but the implant itself was not CVE-tracked. This is part of what makes firmware supply chain work harder than application supply chain work. There is no package manager to audit. There is no lockfile to diff. There is just one question: does the image running on this device match the image the vendor published for the version the device claims to be running?
CISA's follow-up guidance in the first half of 2024 emphasized three controls: verify firmware integrity on a scheduled basis rather than assuming vendor signatures are being checked; restrict administrative access to network devices through jump hosts with logged sessions; and replace end-of-life devices whose hardware does not support modern trust anchors.
What defenders should build now
The most effective defensive response to BlackTech-style firmware work is not exotic. It is a firmware inventory that your organization controls and updates. Every network device has a make, a model, a firmware version, and a hash. Record all four, pull them on a schedule, and alert when the hash drifts from the vendor's published value.
Pair that with a policy that treats firmware updates with the same rigor as production code deployments: scheduled, logged, verified, and reconciled. When an administrator pushes a new image to a router, the hash of the image and the identity of the administrator should both be recorded. When the hash on the running device drifts later, you have a clear starting point for the investigation.
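The scheduled hash comparison described under the dwell-time problem and the inventory-and-reconciliation procedure just described, as one added example (not code from the advisory, TeamT5, or any vendor tool): every hostname, model string, version string, administrator name and image byte string below is a constructed placeholder, and the hash is always computed over an image file retrieved from the device rather than taken from the device's own report.

```python
import hashlib
from dataclasses import dataclass

def sha256_hex(data: bytes) -> str:
    """Hash of the image file pulled off the device; never trust a self-reported digest."""
    return hashlib.sha256(data).hexdigest()

# Constructed vendor reference table; placeholder bytes stand in for real IOS image files.
VENDOR_REFERENCE = {
    ("cisco", "model-A", "15.2(4)M7"): sha256_hex(b"constructed vendor image A"),
    ("cisco", "model-B", "16.9.4"): sha256_hex(b"constructed vendor image B"),
}

@dataclass(frozen=True)
class Observation:          # one scheduled pull from one device
    host: str
    make: str
    model: str
    version: str            # as reported by the device; an implant can lie about this
    running_hash: str       # computed by the collector over the retrieved image file

@dataclass(frozen=True)
class ImagePush:            # deployment-log entry: image hash plus administrator identity
    host: str
    admin: str
    image_hash: str

def classify(obs: Observation, reference: dict, pushes: list) -> tuple:
    """Return (status, detail) for one device; 'drift' is the alert-worthy state."""
    expected = reference.get((obs.make, obs.model, obs.version))
    if expected is None:
        return ("unknown_version", "no vendor reference hash; add this version to the inventory")
    if obs.running_hash == expected:
        return ("ok", "running image matches the vendor-published hash")
    matching = [p for p in pushes if p.host == obs.host and p.image_hash == obs.running_hash]
    if matching:  # drifted, but a logged push names where to start the investigation
        return ("unverified_push", f"matches image pushed by {matching[-1].admin}, not vendor hash")
    return ("drift", "running image matches neither the vendor hash nor any logged push")

def run_inventory_check(observations: list, reference: dict, pushes: list) -> dict:
    return {o.host: classify(o, reference, pushes) for o in observations}

# Constructed results of one scheduled pull, plus a constructed deployment log.
OBSERVATIONS = [
    Observation("rtr-osaka-01", "cisco", "model-A", "15.2(4)M7", sha256_hex(b"constructed vendor image A")),
    Observation("rtr-taipei-02", "cisco", "model-B", "16.9.4", sha256_hex(b"admin staged hotfix image")),
    Observation("rtr-tokyo-03", "cisco", "model-A", "15.2(4)M7", sha256_hex(b"silently modified image")),
    Observation("rtr-sub-04", "cisco", "model-A", "12.4(24)T", sha256_hex(b"image older than the inventory")),
]
PUSHES = [ImagePush("rtr-taipei-02", "jdoe", sha256_hex(b"admin staged hotfix image"))]
```

Only the `drift` state is an unexplained mismatch; `unverified_push` still warrants review, but the deployment log already names the administrator and image to start from.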
How Safeguard Helps
Safeguard extends SBOM coverage into firmware and embedded images so network-device manifests live in the same inventory as your application dependencies. Reachability analysis pinpoints which implanted libraries would actually be invoked by a given firmware path, reducing the triage burden during an incident. Griffin AI correlates firmware hashes against vendor-published reference values and surfaces drift as a first-class finding, the exact signal that caught the BlackTech implants after years of dwell. The TPRM module tracks your network-device vendors against known advisories like AA23-270A, and policy gates prevent unsigned or hash-mismatched images from being promoted into production rings. Used together, these controls turn firmware from an unmonitored attack surface into an inventoried and attested one.