In order to obtain unauthorized access and control, hackers take advantage of software vulnerabilities by manipulating updates.
By corrupting the updates, hackers can disseminate malware, compromise user data, and build backdoors for future attacks.
This enables hackers to compromise a large user base at once, making the software upgrades a luring target for malicious activities.
Cybersecurity researchers at ESET recently identified that Chinese hackers have been actively targeting and hacking software updates to install malware since 2005.
ESET found China-linked threat actor Blackwood behind a cyberattack since 2018.
They use AitM attacks to deliver NSPX30 implants through software updates by targeting Chinese and Japanese entities.
Trustifi's Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user's mailbox.
In 2020, a Chinese system was hit by a surge of attacks from Evasive Panda, LuoYu, and LittleBear.
Security analysts found a new threat, NSPX30, traced back to 2005 amid suspicious files, and it's been discovered via a deep investigation.
Evolution starts with a 2005 backdoor, Project Wood, which was found via timestamps.
The compromises occur during legit software updates via unencrypted HTTP that affects the popular Chinese software.
Cybersecurity researchers at ESET found IP addresses linked to legitimate software firms in their telemetry.
Millions of connections were registered, with downloads of genuine software components.
How NSPX30 is delivered as malicious updates is unknown.
No DNS redirection hints at intercepting unencrypted HTTP traffic for delivering the NSPX30 implant.
Orchestrator uses Baidu's site to download backdoor, posing as Internet Explorer on Windows 98.
While the backdoor initializes the UDP socket, facing complications with firewalls and NAT. Data exfiltration via DNS queries to Microsoft[.
Victims in Japan and the UK were targeted via the AitM system.
Blackwood threat actors have been observed since 2005 and have been constantly evolving from Project Wood.
The history of the primordial backdoor, Project Wood, hints at experienced malware developers.
This Cyber News was published on gbhackers.com. Publication date: Fri, 26 Jan 2024 11:13:04 +0000