According to cybersecurity company ESET, a Chinese cyberespionage gang that targets businesses and individuals in China and Japan has gone unnoticed for about five years.
The advanced persistent threat (APT) actor, identified as Blackwood, has been active since at least 2018 and has been using adversary-in-the-middle (AitM) attacks to install a sophisticated implant through the update processes of reputable software, including Tencent QQ, WPS Office, and Sogou Pinyin.
Blackwood attacks are defined by the installation of NSPX30, an advanced implant which comprises a backdoor, a dropper, installers, loaders, and an orchestrator, and it can hide its command-and-control (C&C) communication through packet interception.
Read More: Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.