【Black Hat Asia 2024】TeamT5 Will Give the Talk on “Chinese APT: A Master of Exploiting Edge Devices”

This year, Black Hat Asia is held online and in-person, April 16-19, 2024 in Singapore. Greg Chen, Charles Li, and Che Chang from TeamT5 will give a talk on the topic “Chinese APT: A Master of Exploiting Edge Devices”.

China-nexus actors have compromised edge devices such as firewall, VPN, IoT devices, etc. against Taiwan Government since 2020 during COVID19, and have compromised those devices to build Botnet, spread disinformation, and exfiltrate sensitive data. However, edge devices belong to closed embedded platforms, and installing antivirus/EDR on those platforms and extracting malware are difficult. Moreover, some models have already reached end-of-life, so no patches are available. Worst of all, Chinese APT has owned the capabilities to find and exploit 0-day on edge devices such as Sophos Firewall, Array SSL VPN, and Barracuda Email Security Gatwall, etc.

Consequently, the presentation will reveal a surveillance router exploited in the wild by Chinese APT groups and will share multiple case studies of edge devices abused by Chinese threat actors such as spread disinformation, Botnet implanted, data exfiltration, and compromised C2. In addition, we also disclose the special and new malware family implanted in edge devices, such as port-knocking backdoors and living-of-the-land binary(LoLbin) attacks in edge devices. Lastly, this presentation also provides related approaches to mitigate attacks of edge devices.

Black Hat is the world leading cybersecurity event, and remains the best and biggest event of its kind. It provides attendees with cutting-edge security research, development and trends, and has the ability to define tomorrow’s information security landscape. Black Hat Asia is an Black Hat extended event which is held in Singapore annually.