Suspected Chinese state hackers target Russian submarine designer
2021-04-30 14:09

Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy.

Threat researchers at Cybereason Nocturnus found that the attacker lured the recipient into opening the malicious document with a general description of an autonomous underwater vehicle.

The use of RoyalRoad has previously been linked to several threat actors working on behalf of the Chinese government, such as Tick, Tonto Team, TA428, Goblin Panda, Rancor, and Naikon.

The researchers attributed PortDoor to a Chinese state-sponsored hacker group based on similarities in tactics, techniques, and procedures with other China-linked threat actors.

Based on work from security researcher nao_sec, Cybereason was able to determine that the malicious RTF document was created with RoyalRoad v7, with a header encoding associated with operations from Tonto Team, Rancor, and TA428.

"Lastly, we are also aware that there could be other groups, known or yet unknown, that could be behind the attack and the development of the PortDoor backdoor. We hope that as time goes by, and with more evidence gathered, the attribution could be more concrete" - Cybereason.


News URL

https://www.bleepingcomputer.com/news/security/suspected-chinese-state-hackers-target-russian-submarine-designer/