"Blackwood APT Delivers Malware by Hijacking Legitimate Software Update Requests"

ESET researchers have uncovered NSPX30, an implant used by the China-aligned Advanced Persistent Threat (APT) group called Blackwood. Blackwood has conducted cyber espionage operations against individuals and organizations in China, Japan, and the UK. The group uses Adversary-in-the-Middle (AitM) techniques to take over update requests from legitimate software in order to deliver the NSPX30 implant. According to ESET, based on a mapping of NSPX30's evolution, the sophisticated implant's earlier ancestor is Project Wood, a simple backdoor. The oldest sample was compiled in 2005. It is suspected that Blackwood has been in operation since at least 2018. This article continues to discuss findings regarding the Blackwood APT group and its use of NSPX30.

Help Net Security reports "Blackwood APT Delivers Malware by Hijacking Legitimate Software Update Requests"

Submitted by grigby1
