The largest among the three Soviet/Russian submarine design centres, Rubin Design Bureau, has reported that they have suffered a breach following a cyber-attack using a spear phishing technique to deliver malicious software to the agency. The malicious software had the characteristics of Chinese malware, according to experts. The breach used the RoyalRoad injection method to deliver the PortDoor malware, which is a backdoor malware that allows threat actors to gain access to Rubin Design Bureau deep within their system.
The individuals who launched the cyber attack on Rubin have not been identified, however they are likely operating on behalf of Chinese state-sponsored interests. They were able to combine social engineering, injection methods and backdoor exploitation to gain information on the latest submarine designs for the Russian defence. Their main target was the General Director, who had all the relevant designs and information.
The initial infection vector is a spear-phishing email addressed to the “respectful general director Igor Vladimirovich” at the Rubin Design Bureau, a submarine design centre from the “Gidropribor” concern in St. Petersburg, It is a national research centre that designs underwater weapons.
Among the designs that were leaked because of this breach was a patrol vehicle that can submerge underwater to act as a submarine, along with an unmanned submarine named “Poseidon” that can carry nuclear torpedoes. The agency has confirmed that the breach was not related to the fact Rubin Design Bureau was making great strides in their work in this area. However, Rubin Design Agency has work to do in patching up this vulnerability and address the backdoor malware within their system, along with strengthening networks so that an injection is not possible anymore.
Trying to protect your system from cyber-attack can be extremely difficult. Contact us at Agilient for information on global standards in cybersecurity planning and implementation.
Author: Saeed Baayoun, Agilient Consultant