cognitive cybersecurity intelligence

News and Analysis


China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

Cybersecurity firm ESET is tracking a previously undisclosed threat actor, Blackwood, presumed to be China-aligned. Blackwood has been linked to adversary-in-the-middle (AitM) attacks using an implant named NSPX30 to hijack update requests of legitimate software, like Tencent QQ and WPS Office. Active since 2018, the entity targets Chinese and Japanese manufacturing, trading, and engineering companies, plus individuals in China, Japan, and the UK. NSPX30 enables packet interception, hiding the attackers’ infrastructure.

Source: –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts