New Chinese Malware Targeted Russia's Largest Nuclear Submarine Designer
A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces.
Rubin Design Bureau is a submarine design center located in Saint Petersburg, accounting for the design of over 85% of submarines in the Soviet and Russian Navy since its origins in 1901, including several generations of strategic missile cruiser submarines.
Over the years, Royal Road has earned its place as a tool of choice among an array of Chinese threat actors such as Goblin Panda, Rancor Group, TA428, Tick, and Tonto Team.
Royal Road has been known to exploit multiple flaws in Microsoft's Equation Editor as far back as late 2018; the attacks take the form of targeted spear-phishing campaigns that use malicious RTF documents to deliver custom malware to unsuspecting high-value targets.
This newly discovered attack is no different, with the adversary using a spear-phishing email addressed to the submarine design firm as an initial infection vector.
"The infection vector, social engineering style, use of RoyalRoad against similar targets, and other similarities between the newly discovered backdoor sample and other known Chinese APT malware all bear the hallmarks of a threat actor operating on behalf of Chinese state-sponsored interests," the researchers said.