
Cyberespionage Unveiled: The Blackwood Threat Actor and the Advanced NSPX30 Malware

An unidentified advanced threat actor, known as ‘Blackwood,’ has been conducting cyberespionage attacks since at least 2018, utilizing a sophisticated malware called NSPX30.

Blackwood’s activities, discovered by cybersecurity company ESET in 2020, align with Chinese state interests, with targets in China, Japan, and the UK. The NSPX30 malware is delivered through the update mechanisms of legitimate software such as WPS Office, Tencent QQ, and Sogou Pinyin.

Blackwood employs adversary-in-the-middle (AitM) attacks, intercepting NSPX30 traffic to conceal its operations and hide command and control servers.


NSPX30’s primary function is data collection, including files, screenshots, key presses, hardware/network data, and credentials. It can steal chat logs from various platforms and perform actions like terminating processes, creating a reverse shell, moving files, or self-uninstallation.

Blackwood’s distinctive method is to deliver NSPX30 by intercepting unencrypted HTTP communication during legitimate software update requests (Tencent QQ, WPS Office, Sogou Pinyin), which differs from a typical supply-chain compromise. The mechanism enabling this interception remains unknown, with speculation that it may involve implants in the target’s network, potentially on vulnerable appliances like routers or gateways.
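A defender-side check for the delivery path described above, as an added example that is not from ESET or the original article: it scans web-proxy records for executable downloads fetched over unencrypted HTTP and flags URLs that returned different file hashes to different clients. The log format, hosts, paths and hashes are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log records (JSON lines); every host, path and hash is made up.
SAMPLE_LOG = """\
{"client":"10.0.0.5","url":"http://update.vendor-a.example/im/patch.exe","ctype":"application/octet-stream","sha256":"aa11"}
{"client":"10.0.0.9","url":"http://update.vendor-a.example/im/patch.exe","ctype":"application/octet-stream","sha256":"ff99"}
{"client":"10.0.0.7","url":"https://update.vendor-b.example/office/setup.exe","ctype":"application/x-msdownload","sha256":"bb22"}
{"client":"10.0.0.5","url":"http://update.vendor-c.example/ime/dict.xml","ctype":"text/xml","sha256":"cc33"}
{"client":"10.0.0.8","url":"http://update.vendor-c.example/ime/core.dll","ctype":"application/octet-stream","sha256":"dd44"}
"""

EXEC_EXT = (".exe", ".dll", ".msi", ".cab")
EXEC_CTYPES = {
    "application/x-msdownload",
    "application/x-dosexec",
    "application/vnd.microsoft.portable-executable",
}

def is_executable(rec):
    """Treat a response as executable by URL extension or declared content type."""
    path = urlsplit(rec["url"]).path.lower()
    return path.endswith(EXEC_EXT) or rec.get("ctype", "").lower() in EXEC_CTYPES

def audit(log_text):
    """Return (cleartext, divergent).

    cleartext: URLs of executables fetched over plain HTTP, which anyone on
               the network path could have replaced in transit.
    divergent: the subset whose body hash differed between fetches. This is a
               lead to triage, not proof: a vendor release also changes the hash.
    """
    hashes = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if urlsplit(rec["url"]).scheme.lower() == "http" and is_executable(rec):
            hashes[rec["url"]].add(rec["sha256"])
    divergent = sorted(url for url, seen in hashes.items() if len(seen) > 1)
    return sorted(hashes), divergent

if __name__ == "__main__":
    cleartext, divergent = audit(SAMPLE_LOG)
    print("Executables over cleartext HTTP:", cleartext)
    print("Same URL, different hashes:", divergent)
```
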

