Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware

Posted: Fri Jan 26, 2024 12:10 pm
by rbc
A Chinese cyberespionage group targeting organizations and individuals in China and Japan has remained under the radar for roughly five years, cybersecurity firm ESET reports.

Tracked as Blackwood and active since at least 2018, the advanced persistent threat (APT) actor has been using adversary-in-the-middle (AitM) attacks to deploy a sophisticated implant via the update mechanisms of legitimate software such as Sogou Pinyin, Tencent QQ, and WPS Office.

Blackwood attacks are characterized by the deployment of NSPX30, a sophisticated implant that includes a backdoor, a dropper, installers, loaders, and an orchestrator, and which can hide its command-and-control (C&C) communication through packet interception.
[...]