ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood.
Blackwood has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. It leverages adversary-in-the-middle techniques to hijack update requests from legitimate software to deliver the implant.
ESET mapped the evolution of NSPX30 back to an earlier ancestor – a simple backdoor they have named Project Wood. The oldest sample found was compiled in 2005.