Subj : This top Microsoft Office alternative has been hijacked by Chines
To   : All
From : TechnologyDaily
Date : Fri Jan 26 2024 13:15:04

This top Microsoft Office alternative has been hijacked by Chinese hackers  
and their malware is coming for your devices

Date:
Fri, 26 Jan 2024 13:01:28 +0000

Description:
WPS Office hit by new adversary-in-the-middle attack targeting enterprise 
users.

FULL STORY
======================================================================

Chinese hackers are hijacking legitimate software updates to deliver 
backdoors capable of stealing sensitive information from the target 
endpoints, experts have warned. 

A new report from cybersecurity researchers ESET recently observed a 
previously unknown threat actor which they dubbed Blackwood. 

This group, which apparently is on the Chinese governments payroll, delivers 
malware through software updates for legitimate tools such as WPS Office, 
Tencent QQ, and Sogou Pinyin. Potent tool 

This doesnt seem to be a classic supply chain attack, as the software itself 
is not compromised, and neither are the updates. Instead, the hackers 
intercept the traffic between the server hosting the update and the target 
endpoint and work in the middle. It is unknown exactly how the attackers are 
able to intercept the traffic. ESET believes Blackwood might be using an 
implant in the victims networks, possibly in routers and similar devices. 

The malware they look to install on target endpoints is called NSPX30. The 
researchers describe this malware as sophisticated, and say its built upon a 
simple backdoor from 2005 called Project Wood. 

NSPX30 has grown into a capable tool, however. Today, it can log keystrokes, 
grab screenshots, pull system information, and exfiltrate other data from the 
devices. It can also steal chat logs and contact lists from different 
communications apps, including Telegram, and Skype. Finally, it can terminate 
processes by PID, create a reverse shell, move files, and uninstall itself if 
necessary. 

Most of the victims seem to be located in China. However, there are 
compromised devices in Japan, and the United Kingdom, too. Blackwoods 
activities can be traced back to 2020. 

Those looking to stay protected from Blackwood and similar threats should 
read ESETs in-depth report on the malware and its operations, here . This 
report, among other things, offers a list of indicators of compromise which 
IT teams can use to protect their infrastructure. More from TechRadar Pro 
Chinese hackers quietly exploited a VMware zero-day for two years Here's a 
list of the best firewalls around today These are the best endpoint security 
tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-top-microsoft-office-alternative-h
as-been-hijacked-by-chinese-hackers-and-their-malware-is-coming-for-your-devic
es


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.