Names | Blackwood (ESET) | |
Country | China | |
Motivation | Information theft and espionage | |
First seen | 2018 | |
Description | (ESET) Blackwood is a China-aligned APT group active since at least 2018, engaging in cyberespionage operations against Chinese and Japanese individuals and companies. Blackwood has capabilities to conduct adversary-in-the-middle attacks to deliver the implant we named NSPX30 through updates of legitimate software, and to hide the location of its command and control servers by intercepting traffic generated by the implant. | |
Observed | Sectors: Manufacturing. Countries: China, Japan, UK. | |
Tools used | NSPX30. | |
Operations performed | Jan 2024 | Blackwood APT Group Has a New DLL Loader <https://blog.sonicwall.com/en-us/2024/01/blackwood-apt-group-has-a-new-dll-loader/> |
Information | <https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/> |
Last change to this card: 06 March 2024
Download this actor card in PDF or JSON format
Previous: BlackTech, Circuit Panda, Radio Panda
Next: Blind Eagle
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |