The Chinese cyberespionage group, Blackwood, has been caught delivering malware to entities in China and Japan. Blackwood attacks are characterized by the deployment of NSPX30, a sophisticated implant that includes a backdoor, a dropper, installers, loaders, and an orchestrator, and which can hide its command-and-control (C&C) communication through packet interception. According to ESET, Blackwood likely deploys an implant on the victims’ networks, possibly on vulnerable routers and gateways, and then uses it to intercept unencrypted HTTP traffic related to updates and deliver NSPX30’s dropper instead.

Read more: https://www.securityweek.com/elusive-chinese-cyberspy-group-hijacks-software-updates-to-deliver-malware/