Names	Blackwood (ESET)
Country	China China
Motivation	Information theft and espionage
First seen	2018
Description	(ESET) Blackwood is a China-aligned APT group active since at least 2018, engaging in cyberespionage operations against Chinese and Japanese individuals and companies. Blackwood has capabilities to conduct adversary-in-the-middle attacks to deliver the implant we named NSPX30 through updates of legitimate software, and to hide the location of its command and control servers by intercepting traffic generated by the implant.
Observed	Sectors: Manufacturing.
Countries: China, Japan, UK.
Tools used	NSPX30.
Operations performed	Jan 2024	Blackwood APT Group Has a New DLL Loader
<https://blog.sonicwall.com/en-us/2024/01/blackwood-apt-group-has-a-new-dll-loader/>
Information	<https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/>
Last change to this card: 06 March 2024