Cybersecurity firm ESET is tracking a previously undisclosed threat actor, Blackwood, presumed to be China-aligned. Blackwood has been linked to adversary-in-the-middle (AitM) attacks using an implant named NSPX30 to hijack update requests of legitimate software, like Tencent QQ and WPS Office. Active since 2018, the entity targets Chinese and Japanese manufacturing, trading, and engineering companies, plus individuals in China, Japan, and the UK. NSPX30 enables packet interception, hiding the attackers’ infrastructure.
Hey there, friend! Let’s chat a little about my journey and everyday life as a Cyber Threat Analyst out here in the San Francisco Bay