Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe


The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan and the United Kingdom

This week, ESET researchers released their findings on an attack in which a previously unknown threat actor deployed an advanced multi-stage implant, which ESET named NSPX30, via adversary-in-the-middle (AitM) attacks that hijacked update requests from legitimate software such as Tencent QQ, WPS Office and Sogou Pinyin.

Blackwood, the name ESET gave to the APT group, used the implant in targeted attacks on Chinese and Japanese companies, as well as individuals in China, Japan and the United Kingdom. The evolution of NSPX30 can be traced all the way back to a small loophole from 2005.

What options does NSPX30 have, and what components exactly does this multi-stage implant consist of? Find out in the video, and read about the attack and how it works in this blog post.
