
Chinese APT Hacks via Invisible Backdoor in Software Updates

A newly discovered Chinese APT group, dubbed "Blackwood," has been secretly injecting a backdoor into software updates for legitimate programs. This allows them to remotely access infected machines and potentially steal data or cause other damage.

Here's the gist:

  • No Phishing: Blackwood doesn't rely on traditional phishing tactics like infected websites or emails.

  • Hidden in Updates: The backdoor sneaks into the updates of genuine software downloaded from trustworthy servers via unencrypted HTTP connections.

  • Targeting Unknown: Currently, it's unclear which programs or servers are affected, or who the specific targets are.

  • Exploiting Network Implants: Experts speculate Blackwood might be using existing network implants in targeted networks to inject the backdoor.

  • Active for Years: This attack has been ongoing since at least 2018, highlighting the need for better network and software security.

This sophisticated new attack technique, which bypasses typical intrusion methods, shows how cyber threats keep evolving and becoming stealthier. Organizations and individuals must prioritize delivering software updates over secure connections and stay vigilant against such unseen digital dangers.
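A detection-side illustration of the "Hidden in Updates" point, added here and not part of the original article: it scans web-proxy log lines for executable payloads fetched over plain HTTP, the channel an on-path network implant could tamper with. The log format, field order, and host names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Extensions and MIME types that usually mean "code the client will run".
EXEC_EXT = (".exe", ".msi", ".dll", ".cab", ".pkg", ".dmg")
EXEC_MIME = {"application/x-msdownload", "application/x-msi",
             "application/vnd.microsoft.portable-executable"}

# Constructed sample in an assumed format:
# timestamp client method url content-type bytes
SAMPLE_LOG = [
    "2024-01-25T10:02:11Z 10.0.4.17 GET http://updates.example.test/app/patch_3.2.exe application/octet-stream 4812003",
    "2024-01-25T10:02:15Z 10.0.4.17 GET https://cdn.example.test/tool/setup.msi application/x-msi 9120044",
    "2024-01-25T10:03:40Z 10.0.7.52 GET http://dl.example.test/update?id=42 application/x-msdownload 2210432",
    "2024-01-25T10:04:02Z 10.0.7.52 GET http://news.example.test/index.html text/html 18233",
    "truncated line",
]

def find_plaintext_update_fetches(lines):
    """Return one finding per executable payload fetched over plain HTTP."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed or truncated entry
        ts, client, method, url, mime, _size = parts
        u = urlsplit(url)
        if method != "GET" or u.scheme.lower() != "http":
            continue  # TLS-protected fetches are out of scope for this check
        # The extension check catches generic octet-stream downloads; the
        # MIME check catches query-string URLs that carry no file extension.
        if u.path.lower().endswith(EXEC_EXT):
            reason = "extension"
        elif mime.lower() in EXEC_MIME:
            reason = "content-type"
        else:
            continue
        findings.append({"time": ts, "client": client,
                         "host": u.hostname, "url": url, "reason": reason})
    return findings

if __name__ == "__main__":
    for f in find_plaintext_update_fetches(SAMPLE_LOG):
        print(f["time"], f["client"], f["host"], f["reason"])
```

Hosts that show up here are candidates for moving to HTTPS or for signature verification of the downloaded payload before it runs.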
