ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Blackwood

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Blackwood

NamesBlackwood (ESET)
CountryChina China
MotivationInformation theft and espionage
First seen2018
Description(ESET) Blackwood is a China-aligned APT group active since at least 2018, engaging in cyberespionage operations against Chinese and Japanese individuals and companies. Blackwood has capabilities to conduct adversary-in-the-middle attacks to deliver the implant we named NSPX30 through updates of legitimate software, and to hide the location of its command and control servers by intercepting traffic generated by the implant.
ObservedSectors: Manufacturing.
Countries: China, Japan, UK.
Tools usedNSPX30.
Operations performedJan 2024Blackwood APT Group Has a New DLL Loader
<https://blog.sonicwall.com/en-us/2024/01/blackwood-apt-group-has-a-new-dll-loader/>
Information<https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/>

Last change to this card: 06 March 2024

Download this actor card in PDF or JSON format

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]