Cybersecurity firm ESET is tracking a previously undisclosed threat actor, Blackwood, presumed to be China-aligned. Blackwood has been linked to adversary-in-the-middle (AitM) attacks using an implant named NSPX30 to hijack update requests of legitimate software, like Tencent QQ and WPS Office. Active since 2018, the entity targets Chinese and Japanese manufacturing, trading, and engineering companies, plus individuals in China, Japan, and the UK. NSPX30 enables packet interception, hiding the attackers’ infrastructure.
![](https://healsecurity.com/wp-content/uploads/2024/07/group-ibs-threat-intelligence-and-defence-centre-equip-undergraduates-with-sophisticated.jpg)
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some