Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe


The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK

This week, ESET researchers released their findings about an attack in which a previously unknown threat actor deployed a sophisticated multistage implant, which ESET named NSPX30. The implant was delivered through adversary-in-the-middle (AitM) attacks that hijacked update requests from legitimate software such as Tencent QQ, WPS Office, and Sogou Pinyin.

Blackwood, the name given to the APT group by ESET, used the implant in targeted attacks against Chinese and Japanese companies, as well as against individuals in China, Japan, and the United Kingdom. The evolution of NSPX30 was traced all the way back to a small backdoor from 2005.

What kinds of capabilities does NSPX30 have and what components exactly is this multistage implant made up of? Find out in the video and also make sure to read about the attack and its mechanics in this blogpost.
