China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

According to recent reports, China-linked threat actors have advanced their cyberespionage agenda with a new campaign that hijacks software updates to implant a new breed of spyware named “NSPX30”. This advanced persistent threat (APT) group, named Blackwood by Slovak cybersecurity firm ESET, has been active since 2018. The NSPX30 malware is delivered to victims via adversary-in-the-middle (AitM) attacks that exploit the update requests from legitimate software. It appears to be a sophisticated new implant that uses vulnerabilities within the software update process as its entry point, highlighting a concerning issue for technology vendors worldwide who are striving to protect their systems and customers. The specific companies targeted or affected are currently undisclosed for security reasons but are expected to be revealed once the security patches have been implemented.

Published: Thu, 25 Jan 2024 15:38:00 +0530