Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware

Post by rbc »

A Chinese cyberespionage group targeting organizations and individuals in China and Japan has remained under the radar for roughly five years, cybersecurity firm ESET reports.

Tracked as Blackwood and active since at least 2018, the advanced persistent threat (APT) actor has been using adversary-in-the-middle (AitM) attacks to deploy a sophisticated implant via the update mechanisms of legitimate software such as Sogou Pinyin, Tencent QQ, and WPS Office.

Blackwood attacks are characterized by the deployment of NSPX30, a sophisticated implant that includes a backdoor, a dropper, installers, loaders, and an orchestrator, and which can hide its command-and-control (C&C) communication through packet interception.
[...]
Robert B. Carleton + ISC2 Central Mississippi President