London: Chinese hackers attacked Rubin Design Bureau, a company that has designed nuclear submarines for the Russian Navy. According to a US-based cybersecurity group, the hackers tried to hack the design of a submarine built by the Russian company. The Rubin Design Bureau is a leading Russian company that has designed the Akula class submarines. Meanwhile, a cybersecurity news outlet claims that Chinese hackers affiliated with the People’s Liberation Army (PLA) are constantly hacking government and military websites of countries in the region.
Cybereason Nocturnus Team, a US-based cyber threat security company, has released details of the cyberattack on the Russian company. Last week, the hackers sent a phishing email to Igor Vladimirovich, Director of the Rubin Design Bureau. An RTF document attached to the email had been weaponised with the RoyalRoad malware tool to assist the hacking. The cybersecurity company said the malicious document sent by the hackers contained a deceptive design for an autonomous submarine.
Cybereason believes that PortDoor malware, which has on previous occasions been used effectively, was delivered through the RoyalRoad payload onto the Russian company director’s computer and connected networks. The PortDoor malware is used to spy, extract complete information from a computer, and aggressively spread the malware. According to the US cybersecurity company, the RoyalRoad tool has been used previously by Chinese hackers to deliver PortDoor malware.
The malware was also used to carry out cyberattacks in the United States by hacker groups linked to China’s communist regime, like Tick, Tonto Team, TA428, Goblin Panda, Rancor and Naikon. Therefore, Cybereason strongly believes Chinese state hackers linked to the PLA may be responsible for the attack on the Russian company. Details have not been disclosed on the extent of the hack and the information extracted from the Russian company. However, the US cybersecurity firm and media reports suggest that the malware can operate inside a system while remaining undetected for a long time.
Rubin Design Bureau is a crucial Russian submarine designer, which has designed Russia’s Akula class nuclear submarines. The Akula class submarines are used by the Indian Navy as well. The Indian Navy’s INS Chakra is an Akula-2 class submarine. In addition, another submarine of the Akula class will be joining the Indian Navy by 2025. Thus the PLA cyberattack on the Russian submarine designer could be a matter of concern for Russia as well as the Indian Navy.
Meanwhile, a cybersecurity website accused PLA-affiliated hacker groups of targeting government and military institutions of Southeast Asian nations for the past two years. According to the website, China’s Naikon is the leading group among them. The group has hacked into government agencies in Australia, Indonesia, the Philippines and Vietnam, the website said.