China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

The Blackwood group, a China-aligned threat actor active since 2018, is using an adversary-in-the-middle (AitM) technique to hijack software updates and implant a complex piece of spyware called NSPX30. Slovak cybersecurity firm ESET, which has been closely monitoring the advanced persistent threat (APT) group, made the discovery public. The group exploits the vulnerability in the update process to introduce the spyware. The incident underscores the growing need for companies to build robust security measures into their update process to ward off such sophisticated threats. ESET has not named the companies affected by this breach.

Published: Thu, 25 Jan 2024 15:38:00 +0530