Blackwood hijacks software updates to deploy NSPX30 – Security Week with Tony Anscombe

esteria.white

Video

The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the United Kingdom.

This week, ESET researchers published their findings on an attack in which a previously unknown threat actor deployed a sophisticated, multi-stage implant, which ESET named NSPX30, through adversary-in-the-middle (AitM) attacks that hijack update requests for legitimate software such as Tencent QQ, WPS Office and Sogou Pinyin.

Blackwood, as ESET has named the APT group, used the implant in targeted attacks against Chinese and Japanese companies, as well as against individuals in China, Japan and the United Kingdom. The evolution of NSPX30 has been traced back to a small backdoor dating back to 2005.

What kind of capabilities does NSPX30 have, and what components exactly does this multi-stage implant consist of? Find out in the video, and be sure to read more about the attack and its mechanics in this blog post.
