There is a high probability that Chinese hackers have stolen a large amount of secret Russian military data. A relatively old vulnerability in Microsoft Office was used in conjunction with carefully crafted phishing emails.
This report comes from the website CNews, citing a study published by the Kaspersky ICS CERT cybersecurity research group. The published news did not reveal any specific details about the extent of the damage caused by this large-scale cyber attack, although it did note that the attack targeted a number of industrial companies in the military-industrial sector, as well as government agencies and research institutes of the Russian Federation.
The vulnerability used to carry out the attack is tracked as CVE-2017-11882. It was first discovered in 2017, yet it appears it has still not been patched, even though its severity and risk level are rated high.
The attack has been carried out since January 2022 by TA428, a China-linked group that appears, at least to some extent, to specialize in similar campaigns against Eastern European countries, including Russia. According to Kaspersky experts, the hackers "penetrated dozens of businesses and, in some of them, even completely hijacked the IT infrastructure and took control of the security solution management systems".
Interestingly, TA428 prepared very carefully for this specific operation. Malicious files were sent in phishing emails intended to spread the PortDoor malware, which is capable of stealing data and carrying out espionage. The text of the emails was written without any obvious errors and included many specific details (such as names and organization information) that are not normally available to outsiders. It is quite likely that these sensitive details, or even entire sample emails, were stolen by TA428 in previous attacks against other affiliated businesses.
According to the report, the attack went unnoticed for several months, so one can only imagine the amount and scope of information that was stolen. The names of the affected companies were not disclosed.