A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It’s said to be active since at least 2018. […]
Attackers need to be in an adversary-in-the-middle position to intercept and modify the handshake exchange, making network compromise a key factor in executing the Terrapin attack.