Russian submarine design agency, the Rubin Design Bureau, has allegedly been compromised by Chinese cyber attackers.
The Russian submarine design agency, the Rubin Design Bureau, has allegedly been breached via a spear phishing email carrying malware with characteristics similar to typical Chinese malware.
The cyber attack, which used the PortDoor malware delivered via a RoyalRoad injection service, was initially reported by cyber security company Cybereason.
"APT Group Operating on Behalf of Chinese State Interests: The accumulated evidence such as the infection vector, social engineering style, use of RoyalRoad against similar targets, and other similarities between the newly discovered backdoor sample and other known Chinese APT malware all bear the hallmarks of a threat actor operating on behalf of Chinese state-sponsored interests," Cybereason reported.
The company further reported that the target of the attack was a general director within the design agency, Igor Vladimirovich. The Rubin Design Bureau is one of Russia's largest submarine design agencies.
Rubin recently unveiled a new patrol vessel that is able to dive below sea level in order to operate as a submarine, as well as the unmanned "Poseidon" submarine vessel that can carry nuclear torpedoes. It is not suggested that the hack has any link to recent Rubin advancements.
According to Cybereason, the spear phishing email was allegedly addressed to "respectful general director Igor Vladimirovich" and carried a malicious attachment that deposited the "winlog.wll" payload.