Blackwood

Description

(ESET) Blackwood is a China-aligned APT group active since at least 2018, engaging in cyberespionage operations against Chinese and Japanese individuals and companies. Blackwood has capabilities to conduct adversary-in-the-middle attacks to deliver the implant we named NSPX30 through updates of legitimate software, and to hide the location of its command and control servers by intercepting traffic generated by the implant.

Names

Name	Name-Giver
Blackwood	ESET

Country

China

Motivation

Information theft and espionage

First Seen

2018

Observed Sectors

Manufacturing

Observed Countries

China
Japan
UK

Tools

NSPX30

Operations

2024-01: Blackwood APT Group Has a New DLL Loader https://blog.sonicwall.com/en-us/2024/01/blackwood-apt-group-has-a-new-dll-loader/

Information

https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/

Other Information

Uuid

6d70aaf2-6d2a-4578-b7d8-5c32edfa0024

Last Card Change

2024-03-06

Threat Intelligence Garden

Explorer

Blackwood

Blackwood

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks