Chinese Hackers Exploit Software Updates and Install Malware Since 2005
The cybersecurity firm ESET has uncovered a long-running cyberattack campaign targeting software updates, with roots traced back to 2005. A Chinese threat actor tracked as Blackwood has been using adversary-in-the-middle (AitM) attacks to deliver the NSPX30 implant through software updates, with a particular focus on Chinese and Japanese entities.
This revelation sheds light on the dangerous tactic of manipulating software updates to disseminate malware and compromise user data. By exploiting vulnerabilities in software updates, hackers can gain unauthorized access to a large user base, making the updates an attractive target for malicious activities.
The NSPX30 implant, first identified during a surge of attacks in 2020, has a lineage dating back to 2005, starting with a backdoor known as Project Wood. That backdoor has since evolved into a more advanced threat that relies on AitM capabilities and poses a significant security risk to organizations that depend on software updates.
How the NSPX30 implant is delivered remains unclear, but researchers have speculated that it may involve network implants on vulnerable devices such as routers. By intercepting unencrypted HTTP traffic, the attackers have also been able to hide the origin of their attacks, making their activity difficult to detect and block.
Furthermore, the attackers have utilized legitimate IP addresses linked to software firms to disguise their malicious activities and have cleverly hidden the location of their command and control (C&C) server using AitM capabilities. This sophisticated approach has allowed them to evade detection and continue their attacks over an extended period of time.
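Because the malicious downloads came from legitimate vendor IP addresses, an IP-based allowlist would not have caught them; what stands out is the protocol property the article describes, an installer fetched over plaintext HTTP. The following is an added example, not code from ESET's report or from the Blackwood analysis, showing two defender-side checks: flagging plaintext-HTTP executable downloads in constructed proxy log lines, and accepting an update only when its hash matches a value obtained over an authenticated channel. The log format, hostnames and file names are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (assumed format: client dest method url status).
# Hostnames and paths are placeholders, not indicators from the report.
SAMPLE_PROXY_LOG = """\
10.0.0.21 203.0.113.10 GET http://updates.example-vendor.test/check?ver=1.2 200
10.0.0.21 203.0.113.10 GET http://updates.example-vendor.test/files/Update_1.3.exe 200
10.0.0.44 203.0.113.55 CONNECT updates.other-vendor.test:443 200
10.0.0.44 203.0.113.55 GET http://cdn.other-vendor.test/images/logo.png 200
"""

# Artifacts an updater would execute; any plaintext-HTTP fetch of these is exactly
# the traffic an adversary-in-the-middle position on the path could swap for an implant.
EXECUTABLE_EXT = re.compile(r"\.(exe|msi|dll|zip|cab)$", re.IGNORECASE)


def flag_plaintext_update_downloads(log_text):
    """Return (client, url) for every executable artifact fetched over unencrypted HTTP."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        client, _dest, method, url, _status = parts
        parsed = urlparse(url)
        if method == "GET" and parsed.scheme == "http" and EXECUTABLE_EXT.search(parsed.path):
            flagged.append((client, url))
    return flagged


def sha256_hex(data):
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def update_is_trusted(payload, expected_sha256):
    """Accept a downloaded update only if it matches a hash obtained over an authenticated
    channel (e.g. a signed manifest fetched over TLS); a tampered payload fails here even
    though it arrived from the vendor's legitimate IP address."""
    return sha256_hex(payload) == expected_sha256.lower()
```

Running the detector over the sample log flags only the plaintext `.exe` fetch; the TLS `CONNECT` and the image download are ignored.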
The scope of these attacks is not limited to China and Japan, as victims in the UK and other countries have also been targeted. The Blackwood threat actors have demonstrated a high level of expertise in malware development, with a history dating back to the origins of Project Wood in 2005.
The discovery of these ongoing cyberattacks highlights the importance of vigilance and robust cybersecurity measures to protect against such threats. Organizations and individuals must ensure that their software updates are obtained from legitimate and secure sources to mitigate the risk of falling victim to similar attacks.
The findings from ESET’s research serve as a stark warning about the potential dangers associated with software updates and the need for heightened security measures to safeguard against such attacks. The increasing sophistication of cyber threats underscores the ongoing need for a proactive and comprehensive approach to cybersecurity in today’s digital landscape.