China-backed Hackers Hijack Software Updates to Implant “NSPX30” Spyware

According to an assessment from Slovak cybersecurity firm ESET, software updates have become the latest avenue of attack for the China-backed advanced persistent threat (APT) group known as Blackwood. Since 2018, the group has been linked to a series of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to implant a sophisticated spyware tool named NSPX30. By abusing system updates as the delivery channel, the attackers can compromise software and network security further and infiltrate a broad range of systems. The exact number and names of affected companies, technology vendors, or suppliers are still under investigation, which reinforces the need for collective vigilance in keeping security measures up to date.

Published: Thu, 25 Jan 2024 15:38:00 +0530