video
The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan and the United Kingdom
January 26, 2024
This week, ESET researchers published their findings on an attack in which a previously unknown threat actor deployed a sophisticated multi-stage implant, which ESET named NSPX30, through Adversary-in-the-middle (AitM) attacks that hijack Update requests from legitimate software such as Tencent QQ, WPS Office and Sogou Pinyin.
Blackwood, the name given to the APT group by ESET, has used the implant in targeted attacks against Chinese and Japanese companies, as well as individuals in China, Japan and the United Kingdom. The evolution of NSPX30 has been traced back to a small backdoor dating back to 2005.
What kind of capabilities does the NSPX30 have and what exactly does this multi-stage system consist of? Find out in the video, and be sure to also read about the attack and its mechanisms in this blog post.
Connect with us on Facebook, TwitterLinkedIn and Instagram.