NSPX30: A sophisticated AitM-enabled implant evolving since 2005 [Thursday, January 25, 2024]

Description :
ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software.

Published: 2024-01-25 15:24:19
Created: 2024-01-25 15:24:19
Modified: 2024-01-25 15:33:07

Tags

Indicators

IPv4s :
Hashes :
  • fa8e6f0094e9adcad61b80c75726bf6c7624c2b10a531f9c0f8a6ffb49b950ba
  • aea277eb7cd8383479d1e502d9e3eb76f8d17c4be2dcaa63fda444cac6e96197
Intrusion set :
  • Blackwood
MITRE ATT&CK Techniques :

External References

About the author
Julien B.

Securitricks
