Unknown Chinese APT Targets Russian Defense Sector (Security News, April 2021)
Researchers at Cybereason say they have discovered previously undocumented malware targeting the Russian military sector that bears the hallmarks of Chinese origin, if not outright Chinese state sponsorship.
One sample was found dropping previously unknown malware, which the Cybereason researchers have named PortDoor.
There are linguistic and visual similarities between the phishing emails used in the PortDoor attack and those used in earlier Tonto Team attacks against Russian organizations.
The researchers note that PortDoor "does not seem to share significant code similarities with previously known malware used by the abovementioned groups; it is not a variant of a known malware, but is in fact novel malware that was developed recently." Nevertheless, Cybereason believes that PortDoor is operated by an APT group acting on behalf of Chinese state-sponsored interests.
Cybereason is not sufficiently confident to attribute PortDoor to any known group.
It does call PortDoor an APT, a label usually, though not exclusively, applied to state-sponsored actors and their malware.