Blackwood APT delivers malware by hijacking legitimate software update requests

January 25, 2024


ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood.

Blackwood has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. It leverages adversary-in-the-middle techniques to hijack update requests from legitimate software to deliver the implant.

ESET mapped the evolution of NSPX30 back to an earlier ancestor – a simple backdoor they have named Project Wood. The oldest sample found was compiled in 2005.

Read More on Help Net Security