Chinese APT’s Adversary-in-the-Middle Tool Dissected - SecurityWeek

ESET analyzed Spellbinder, a tool used by the Chinese APT TheWizards for adversary-in-the-middle attacks and backdoor deployment. The tool, which targets Chinese applications, was used to hijack Tencent QQ updates and deploy the WizardNet backdoor. TheWizards, linked to UPSEC, has been active since at least 2022 and targets individuals and organizations in several Asian countries.