Menu
Browse

Cyber Threat Actor: Blacktech

Actor Type Location Known Incidents
 Icon
Nation State
China
2 incidents
Profile

The threatactor known as Blacktech operates under that alias, which is the primary identifier used in public reporting. Open sources locate the actor’s base of operations in China, indicating a geographic nexus to that country. Attribution assessments tie Blacktech to Beijing and describe its activity as aligned with Chinese state interests, suggesting a state‑linked nexus. The actor’s primary objective, as reported in public accounts, is cyber espionage rather than financial gain or disruption. Blacktech’s targeting has been observed against governmental entities in Taiwan, reflecting a focus on public‑sector institutions. Specifically, the actor has compromised email accounts belonging to multiple Taiwanese government agencies, indicating a pattern of intrusion into administrative communications.

In early 2018, Blacktech was linked to a campaign that breached over six thousand email accounts across at least ten Taiwanese government agencies. Officials characterized the breach as a cyber espionage operation involving both Blacktech and the Taidoor group, highlighting a collaborative threat landscape. The intrusion was described as causing significant damage, prompting authorities to publicize the incident to mitigate further harm and prevent additional exploitation. The event took place amid heightened cross‑strait tensions and was presented as part of broader pressure tactics attributed to China, linking the activity to geopolitical dynamics. No specific malware families, initial access vectors, or tooling details are publicly attributed to Blacktech in the available sources, leaving technical signatures undescribed in the reporting. Consequently, the public profile of Blacktech relies on its observed targeting, espionage focus, and state‑linked attribution rather than on detailed technical indicators, reflecting the limits of current disclosures.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources