By Kevin Townsend on April 30, 2021
Researchers at Cybereason say they have discovered an undocumented malware targeting the Russian military sector and bearing the hallmarks of originating in China if not being Chinese state sponsored.
The researchers had been tracking malicious RTFs generated by the RoyalRoad weaponizer (aka the 8.t Dropper/RTF exploit builder), which is known to be often used by Chinese state actors. One sample was found dropping previously unknown malware, that the Cybereason researchers have now called PortDoor.
According to the phishing lure associated with the malicious RTF, the target was a general director working at the Rubin Design Bureau. This is a Russia-based defense contractor that designs nuclear submarines for the Russian Navy.