Targeting of industrial enterprises and public institutions in Central Asia and Eastern Europe

Date of report

August 2022

Affiliations

APT 18

Chinese hackers used phishing emails to plant PortDoor malware on the systems of industrial organizations in Afghanistan, Belarus, Russia, and Ukraine. Security researchers detected the hackers exfiltrating data to a server with a Chinese IP address.

Suspected victims

Industrial plants, design bureaus, research institutes, and government organizations in Afghanistan, Belarus, Russia, and Ukraine.

Suspected state sponsor

China

Type of incident

Espionage

Target category

Government
Private sector

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Targeted attack on industrial enterprises and public institutions

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events