China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

Slovak cybersecurity firm ESET has discovered that Blackwood, a China-backed hacking group, hijacked an undisclosed number of software updates to implant the sophisticated spyware “NSPX30” on victims’ systems. Blackwood, which has been active since at least 2018, capitalises on vulnerabilities in the update mechanisms of legitimate software to carry out adversary-in-the-middle (AitM) attacks. This new breed of cyber assault intercepts update requests and injects spyware, specifically NSPX30, a tool designed to infiltrate compromised systems, extract information from them, and monitor their activity. The full impact and extent of the breach, as well as the identity of Blackwood’s victims, are yet to be disclosed, underscoring the highly secretive and advanced capabilities of the threat actor.

Published: Thu, 25 Jan 2024 15:38:00 +0530