Blackwood
0 incidentes
0 paises
0 sectores
apt CN Ultimo: -
Blackwood is a cyber espionage threat actor aligned with China. Identified as active since at least 2018, the group conducts operations primarily against individuals and companies in China, Japan, and the United Kingdom. Its notable characteristic is the use of Adversary-in-the-Middle (AiTM) attacks to deliver its custom NSPX30 implant by hijacking update requests of legitimate software. While the Blackwood group itself was named in 2018, the codebase for its primary malware, NSPX30, can be traced back to Project Wood, a backdoor that emerged in 2005. Blackwood's motivation is cyber espionage. The group employs network implants to facilitate AiTM attacks and anonymize its command and control infrastructure by intercepting traffic.