blank

A threat actor believed to be working on behalf of Chinese state-sponsored interests was recently observed targeting a Russia-based defense contractor involved in designing nuclear submarines for the naval arm of the Russian Armed Forces.

The phishing attack, which singled out a general director working at the Rubin Design Bureau, leveraged the infamous ”Royal Road” Rich Text Format (RTF) weaponizer to deliver a previously undocumented Windows backdoor dubbed ”PortDoor,” according to Cybereason’s Nocturnus threat intelligence team.

”Portdoor has multiple functionalities, including the ability to do reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation static detection antivirus evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more,” the researchers said in a write-up on Friday.

The Hacker News

0 0 röster
Article Rating
0
Vi vill mycket gärna höra vad du tycker - kommentera mera!x
()
x