Categories: IntelligenceMalware

NetTraveler, new global cyber espionage campaign from Kaspersky

NetTraveler cyber espionage campaign, revealed by Kaspersky’s team, targeted over 350 high profile victims from 40 countries.

NetTraveler, this is the name of a new global cyber espionage campaign revealed  by researchers at Kaspersky, the team of experts discovered an espionage activity against over 350 high profile victims from 40 countries.
The name of the operation derives from the malicious code used in the attacks, the surveillance malware NetTraveler, once again the cyber espionage campaign seems to be originated from China as written in the report published by Kaspersky.
The NetTraveler campaign has been running since 2004 targeting  Tibetan/Uyghur activists, government institutions, energy companies as well as contractors and embassies.
The largest number of infections was observed in Mongolia, India and Russia but  also China and many other European countries were hit by the hackers such as Germany, the UK and Spain. Kaspersky’s team sustains that the group of hackers is composed of around 50 individuals, many of them Chinese-speaking but with a good knowledge of English.
The scheme of attack is consolidated, a spear phishing campaign was used to deceive victims and trick them into opening  files containing a malicious code that exploited two vulnerabilities in Microsoft Office including Exploit.MSWord.CVE-2010-333, Exploit.Win32.CVE-2012-0158.
The principal problem is that a great number of systems aren’t properly patched and so they are still vulnerable to exploits implemented by malware such as NetTraveler.
The researchers analyzing the C&C servers used for NetTraveler campaign discovered more than 22 gigabytes of stolen data stored, the same servers were used to download on infected machines various malware at the time, majority of malicious code detected during the investigation were created between 2010 and 2013.
however this data represents only a small fraction which we managed to see – the rest of the it had been previously downloaded and deleted from the c&c servers by the attackers.” the report states.
Another intriguing particular related to NetTraveler cyber espionage campaign is that 6 victims, including a military contractor in Russia and an embassy in Iran, were also hit by the Red October campaign revealed early this year by Kaspersky’s team.
during our analysis of nettraveler infections, we identified several victims that were infected both by nettraveler and red october. Although we see no direct links between the nettraveler attackers and the red october threat actor, the existence of victims infected by both of these campaigns is interesting.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cyber espionage, NetTraveler)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

3 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

17 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

24 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

This website uses cookies.