Although it rarely makes the headlines, national governments around the world are fighting constant battles online against criminal hacking groups. Often sponsored by other governments, these groups work to destabilise economies, damage critical civilian infrastructure like power networks – and even take on the armed forces.
Researchers have discovered a new malware variant called PortDoor, which they believe is being used by Chinese hacking groups to target Russia. PortDoor has already been detected in an attack against a company that designs nuclear submarines for the Russian navy.
A malware Swiss Army knife
Analysis shows that PortDoor has multiple functionalities. Once it has successfully infiltrated a victim’s computer, hackers can install other applications, bypass security mechanisms and encrypt and steal data. PortDoor is also able to disguise itself so that traditional antimalware applications cannot automatically detect and remove it.
Why China is using PortDoor to attack Russian defence contractors is not yet known. There is a suggestion that the Chinese government is paying hacking groups to steal confidential plans and intellectual property for its own submarine-building programme.
Can my computer catch PortDoor?
Although current infections seem to be directed at specific targets, there is always a risk that the malware could spread. Once ‘in the wild’, your computer could be in danger of infection.
How can I protect against PortDoor malware?
As always, the best defence against clever malware is an even smarter antivirus app like Panda Dome. Panda Dome monitors your computer for suspicious behaviour, automatically blocking malware activity. Download a free trial here.
PortDoor installs itself on a computer using an infected rich text format document (a common format used by word processing programs). The infected document relies on a vulnerability in the Equation Editor feature of Microsoft Office to install malicious code.
Equation Editor is an advanced tool used to insert mathematical equations into your Word documents and PowerPoint presentations. Most home users do not know these tools exist, let alone use them.
The best way to protect against Microsoft Office malware is to disable macro support in Word, Excel and PowerPoint. Because this is a power-user feature, Microsoft has taken the decision to disable macros by default, closing this route to most malware.
It is a good idea to check your Office 365 settings every now and then to ensure that macros are still blocked. This handy guide from Microsoft shows you what to do.
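For readers who would rather check the setting than click through the Trust Center, the following PowerShell script is an added example (it is not part of the original post and not a Panda Security tool). It reads the VBAWarnings registry value that Word, Excel and PowerPoint use to store their macro security setting and reports, for each application, whether macros are blocked. It assumes a per-user Office 2010, 2013 or 2016/365 installation (registry version keys 14.0, 15.0 and 16.0); a Group Policy value, if present, is reported in preference to the user's own setting because it overrides it.

```powershell
# Added example, not from the original post: report the macro security setting
# of Word, Excel and PowerPoint by reading the VBAWarnings registry value.
# Known values: 1 = enable all macros, 2 = disable with notification (the
# Office default), 3 = disable except digitally signed, 4 = disable all macros.
# Assumption: Office 2010/2013/2016/365 installed for the current user.

$apps     = @('Word', 'Excel', 'PowerPoint')
$versions = @('16.0', '15.0', '14.0')   # Office 2016/365, 2013, 2010
$meaning  = @{
    1 = 'Enable all macros (UNSAFE)'
    2 = 'Disable with notification (Office default)'
    3 = 'Disable except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string]$App, [string]$Version)
    # The Policies hive (set by Group Policy) takes precedence over the
    # user's own Trust Center choice, so it is checked first.
    $paths = @(
        "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security",
        "HKCU:\Software\Microsoft\Office\$Version\$App\Security"
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name VBAWarnings -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            return [pscustomobject]@{
                App     = $App
                Version = $Version
                Source  = $p
                Value   = [int]$v.VBAWarnings
            }
        }
    }
    # No explicit value stored: emit nothing, Office falls back to its default.
}

$results = @(
    foreach ($ver in $versions) {
        foreach ($app in $apps) { Get-MacroSetting -App $app -Version $ver }
    }
)

if ($results.Count -eq 0) {
    Write-Output 'No VBAWarnings value found: Office is using its default (macros disabled with notification).'
}

foreach ($r in $results) {
    $desc = $meaning[$r.Value]
    if (-not $desc) { $desc = "Unknown value $($r.Value)" }
    $flag = if ($r.Value -eq 1) { '!! REVIEW' } else { 'ok' }
    Write-Output ('{0,-10} {1,-5} {2,-45} {3}' -f $r.App, $r.Version, $desc, $flag)
}
```

Run it in a normal (non-elevated) PowerShell window, since the values it reads live under the current user's hive. Any line flagged `!! REVIEW` means that application will run macros in every document without asking, which is the setting the post advises against; the absence of any stored value is normal on a machine where nobody has changed the Trust Center defaults.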
Is nuclear war imminent?
The discovery of PortDoor malware on computers being used to design nuclear submarines is concerning. However, it is important to note that these computers are not used for controlling military systems; hackers may be able to break in and steal data, but they cannot launch weapons or affect the operations of submarines at sea.
The current PortDoor outbreak appears to be a basic case of international espionage – but it shows the kinds of threats our governments are dealing with on a daily basis.