PortDoor Espionage Malware Takes Aim at Russian Defense Sector
#1
Information 
Quote:A previously undocumented backdoor malware, dubbed PortDoor, is being used by a probable Chinese advanced persistent threat actor (APT) to target the Russian defense sector, according to researchers.
 
The Cybereason Nocturnus Team observed the cybercriminals specifically going after the Rubin Design Bureau, which designs submarines for the Russian Federation’s Navy. The initial target of the attack was a general director there named Igor Vladimirovich, researchers said, who received a phishing email.
 
The attack began with the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder – a tool that Cybereason said is part of the arsenal of several Chinese APTs, such as Tick, Tonto Team and TA428. RoyalRoad generates weaponized RTF documents that exploit vulnerabilities in Microsoft’s Equation Editor (CVE-2017-11882, CVE-2018-0798 and CVE-2018-0802).
 
The use of RoyalRoad is one of the reasons the company believes Chinese cybercriminals to be behind the attack.
 
“The accumulated evidence, such as the infection vector, social-engineering style, use of RoyalRoad against similar targets, and other similarities between the newly discovered backdoor sample and other known Chinese APT malware, all bear the hallmarks of a threat actor operating on behalf of Chinese state-sponsored interests,” according to a Cybereason analysis, published Friday.

Read more: PortDoor Espionage Malware Takes Aim at Russian Defense Sector | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.5 Both no...Kool — 09:45
Opera 115.0.5322.119
Version 115.0.5322...harlan4096 — 09:16
AdGuard Browser Extension 4.4.49 (MV2)
AdGuard Browser Ex...harlan4096 — 09:13
Hasleo Backup Suite 5.0
Hasleo Backup Suit...harlan4096 — 09:12
NVIDIA GeForce display driver Hotfix 566...
GeForce Hotfix Dri...harlan4096 — 09:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>