• This top Microsoft Office alternative has been hijacked by Chines

    From TechnologyDaily@1337:1/100 to All on Fri Jan 26 13:15:04 2024
    This top Microsoft Office alternative has been hijacked by Chinese hackers and their malware is coming for your devices

    Date:
    Fri, 26 Jan 2024 13:01:28 +0000

    Description:
    WPS Office hit by new adversary-in-the-middle attack targeting enterprise users.

    FULL STORY ======================================================================

    Chinese hackers are hijacking legitimate software updates to deliver
    backdoors capable of stealing sensitive information from the target
    endpoints, experts have warned.

    In a new report, cybersecurity researchers at ESET describe a previously unknown threat actor they recently observed, which they dubbed Blackwood.

    This group, which apparently is on the Chinese government's payroll, delivers malware through software updates for legitimate tools such as WPS Office, Tencent QQ, and Sogou Pinyin.

    Potent tool

    This doesn't seem to be a classic supply chain attack, as the software itself is not compromised, and neither are the updates. Instead, the hackers intercept the traffic between the server hosting the update and the target endpoint and work in the middle. It is unknown exactly how the attackers are able to intercept the traffic. ESET believes Blackwood might be using an implant in the victims' networks, possibly in routers and similar devices.

    The malware they look to install on target endpoints is called NSPX30. The researchers describe this malware as sophisticated, and say it's built upon a simple backdoor from 2005 called Project Wood.

    NSPX30 has grown into a capable tool, however. Today, it can log keystrokes, grab screenshots, pull system information, and exfiltrate other data from the devices. It can also steal chat logs and contact lists from different communications apps, including Telegram and Skype. Finally, it can terminate processes by PID, create a reverse shell, move files, and uninstall itself if necessary.

    Most of the victims seem to be located in China. However, there are compromised devices in Japan and the United Kingdom, too. Blackwood's activities can be traced back to 2020.

    Those looking to stay protected from Blackwood and similar threats should
    read ESET's in-depth report on the malware and its operations. This report,
    among other things, offers a list of indicators of compromise which
    IT teams can use to protect their infrastructure.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-top-microsoft-office-alternative-has-been-hijacked-by-chinese-hackers-and-their-malware-is-coming-for-your-devices


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)