Cybereason discovers new malware, PortDoor

by Zoe Deighton Smythe
04/05/2021
in Cyber Security, PRESS RELEASE

Chinese hackers recently targeted a general director at the Rubin Design Bureau, a Russian defence contractor that designs nuclear submarines for the Russian Navy, using the PortDoor malware delivered via spear-phishing emails.

A previously undocumented backdoor attributed to Chinese APT threat actors has been discovered by Cybereason. According to Cybereason's reporting, the threat actors are likely operating on behalf of Chinese state-sponsored interests and are targeting Russia's defence industry.

Cybereason discovered PortDoor while tracking recent developments in the RoyalRoad weaponiser, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become part of the arsenal of several China-linked threat actors, such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly. PortDoor is delivered through spear-phishing attacks against high-value targets.

It was determined, through Cybereason’s investigation, that the target of the attack was a general director working at the Rubin Design Bureau, a Russian-based defence contractor that designs nuclear submarines for the Russian Federation’s Navy.

“RoyalRoad has been one of the most used tools by Chinese threat actors in recent years,” said Assaf Dahan, Senior Director, Head of Threat Research, Cybereason. “It is mostly used in spear-phishing campaigns to lure victims into opening malicious documents. As the threat actors made changes to the RoyalRoad weaponizer, it is an indication they are trying to avoid ‘low hanging fruit’ detections to steal sensitive information from Russian defence contractors.”

The PortDoor key findings included the following:

  • RoyalRoad Variants are Under Development: The variant of the RoyalRoad weaponiser examined renamed its encoded payload from the known "8.t" file to a new filename, "e.o". More new variants are likely to be under development as well.
  • Previously Undocumented Backdoor: The newly discovered RoyalRoad RTF variant examined also drops a previously undocumented and stealthy backdoor, dubbed PortDoor, which is designed with obfuscation and persistence in mind.
  • Highly Targeted Attack: The threat actor is specifically targeting the Rubin Design Bureau, a part of the Russian defence sector that designs submarines for the Russian Federation's Navy.
  • Extensive Malware Capabilities: PortDoor has multiple functionalities, including reconnaissance, target profiling, delivery of additional payloads, privilege escalation, process manipulation, static antivirus detection evasion, one-byte XOR encryption, AES-encrypted data exfiltration and more.
  • APT Group Operating on Behalf of Chinese State Interests: The accumulated evidence, such as the infection vector, the social engineering style, the use of RoyalRoad against similar targets, and other similarities between the newly discovered backdoor sample and other known Chinese APT malware, all bear the hallmarks of a threat actor operating on behalf of Chinese state-sponsored interests.
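
The findings above note that the dropped payload is protected with one-byte XOR. The script below is an added example of the standard analyst response to such a blob; it is not Cybereason's code and not PortDoor's own routine, and the encoded sample it works on is constructed for the demo (a minimal PE-like header, not a real PortDoor payload). It recovers the key two ways: a fast guess from byte frequency (a PE image is mostly null bytes, so the most common encoded byte is usually the key) and an exhaustive 256-key search scored by known-plaintext markers, which also handles the edge case where the blob was never obfuscated (key 0x00).

```python
"""Recover a one-byte XOR key from an obfuscated payload blob.

Added example, not code from the page or from the PortDoor sample.
The sample blob is constructed here so the script runs offline.
"""
import string
from collections import Counter

PRINTABLE = set(string.printable.encode())


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single key byte (symmetric: encode == decode)."""
    return bytes(b ^ key for b in data)


def guess_key_by_frequency(blob: bytes) -> int:
    """Fast path: a PE image is dominated by 0x00, and 0x00 ^ key == key,
    so the most frequent byte of the encoded blob is usually the key."""
    return Counter(blob).most_common(1)[0][0]


def score_plaintext(candidate: bytes) -> int:
    """Known-plaintext heuristic for a decoded PE: 'MZ' at offset 0, the DOS
    stub string near the start, a 'PE\\0\\0' signature somewhere, plus a
    weak bonus for printable/NUL bytes so the scoring still works on
    non-PE payloads."""
    score = 0
    if candidate[:2] == b"MZ":
        score += 1000
    if b"This program" in candidate[:512]:
        score += 500
    if b"PE\x00\x00" in candidate:
        score += 500
    score += sum(1 for b in candidate if b in PRINTABLE or b == 0)
    return score


def recover_xor_key(blob: bytes) -> tuple[int, bytes]:
    """Exhaustive path: try all 256 keys, return (key, decoded) for the best
    score. Key 0x00 is included, so an unobfuscated blob is reported as such."""
    best_key, best_score, best_plain = 0, -1, b""
    for key in range(256):
        plain = xor_bytes(blob, key)
        s = score_plaintext(plain)
        if s > best_score:
            best_key, best_score, best_plain = key, s, plain
    return best_key, best_plain


def build_sample(key: int = 0x5A) -> bytes:
    """Constructed stand-in for an encoded dropper payload: a minimal
    DOS-header-like prefix and PE signature, XORed with one byte.
    Assumption for the demo only; real samples are full PE files."""
    fake_pe = (
        b"MZ\x90\x00" + b"\x00" * 56 + b"\x80\x00\x00\x00"
        + b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
        + b"This program cannot be run in DOS mode.\r\r\n$" + b"\x00" * 7
        + b"PE\x00\x00" + bytes(range(64))
    )
    return xor_bytes(fake_pe, key)


if __name__ == "__main__":
    encoded = build_sample()
    fast = guess_key_by_frequency(encoded)
    key, decoded = recover_xor_key(encoded)
    print(f"frequency guess 0x{fast:02x}, exhaustive key 0x{key:02x}, header {decoded[:2]!r}")
```

On a real dropped file the frequency guess is usually enough, but the exhaustive search is cheap and confirms the guess against the PE markers; if neither a frequency guess nor any of the 256 keys yields an 'MZ' header, the payload is not single-byte XOR and a different decoding (rolling key, RC4, AES) should be suspected.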

https://www.cybereason.com/

Tags: Chinese APT, Cybereason, Cybersecurity, Malware, phishing emails, PortDoor, threat actors, Threat Detection

© 2020 SecurityOnScreen.com