Infrastructure Briefing — October 2, 2025

CISA, NSA, and the FBI warn that BlackTech actors have modified edge-router firmware to maintain persistence, requiring operators to verify signed images and lock down remote administration.

Zeph Tech Research Lead

Research lead, Zeph Tech

Credibility scores for every source cited in this briefing. Source data (JSON)

What happened: Joint advisory AA23-214A from CISA, NSA, the FBI, and Japan's NISC details how BlackTech compromised branch routers by downgrading or replacing firmware to remove logs and maintain persistence.^AA23-214A

Why it matters: Firmware tampering bypasses OS-level controls and survives factory resets. The advisory shows attackers abusing vendor-signed images and default trust anchors—highlighting supply-chain risks when image provenance, downgrade protections, and config baselines are weak.

Actions for infrastructure teams

Enforce signed, locked firmware. Validate cryptographic signatures before and after upgrades, block unsigned or older images, and disable automatic fallback that allows downgrades without approval.^{CISA BlackTech guidance}
Harden remote management. Restrict administrative access to management networks, require MFA, and disable vendor cloud-managed tunnels if they are not in use to prevent covert firmware pushes.^{NSA/CSA PDF}
Continuously attest edge devices. Deploy secure boot with measured boot/TPM attestation where supported and monitor for config drift that indicates hidden firmware changes.

Horizontal bar chart of credibility scores per cited source. — Credibility scores for every source cited in this briefing. Source data (JSON)

Visit pillar hub

Latest guides

Edge Resilience Infrastructure Guide — Zeph Tech
Engineer resilient edge estates using ETSI MEC standards, DOE grid assessments, and GSMA availability benchmarks documented by Zeph Tech.
Infrastructure Resilience Guide — Zeph Tech
Coordinate capacity planning, supply chain, and reliability operations using DOE grid programmes, Uptime Institute benchmarks, and NERC reliability mandates covered by Zeph Tech.
Infrastructure Sustainability Reporting Guide — Zeph Tech
Produce audit-ready infrastructure sustainability disclosures aligned with CSRD, IFRS S2, and sector-specific benchmarks curated by Zeph Tech.

Actions for infrastructure teams

Related briefings

Infrastructure Briefing — October 4, 2025

NTIA Awards $420 Million for Open and Resilient Wireless Networks

Infrastructure Briefing — CHIPS and Science Act signed into U.S. law

Infrastructure Resilience Briefing — February 10, 2022

Executive Order 14017 on Supply Chains — February 24, 2021

Continue in the Infrastructure pillar

Latest guides