Surveillance malware targets 350 high profile victims in 40 countries

The Hacker News (thehackernews.com), Jun 04, 2013 - 4:39 p.m.
CVSS2 score (as assigned by the aggregator): 9.3 High
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.973 High (percentile 99.8%)


A global cyber-espionage campaign that has compromised over 350 high-profile victims in 40 countries appears to be the work of Chinese hackers using surveillance malware called “NetTraveler”.

Kaspersky Lab’s research team has published a report on NetTraveler, a family of malicious programs used in APT operations. The campaign has been running since 2004; its main targets are Tibetan and Uyghur activists, government institutions, contractors and embassies, and the oil and gas industry.

Spear-phishing emails were used to trick targets into opening malicious documents. The attackers relied on two Microsoft Office vulnerabilities, CVE-2010-3333 (detected as Exploit.MSWord.CVE-2010-3333, fixed in MS10-087) and CVE-2012-0158 (Exploit.Win32.CVE-2012-0158, fixed in MS12-027). Both had been patched well before the campaign was exposed but remain highly popular with attackers, because unpatched Office installations are still a reliable way in. NetTraveler was often run alongside other malware on the same victims.
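The paragraph above names the two Office bugs behind the lure documents but gives no detail on how a responder would recognise such an attachment. The script below is an added triage heuristic written for this page; it is not code from The Hacker News or Kaspersky. It checks an RTF or OLE2 attachment for the `pFragments` shape property abused by CVE-2010-3333 and for the MSCOMCTL ListView/TreeView ActiveX control abused by CVE-2012-0158. The ProgIDs and CLSIDs for the MSCOMCTL controls are assumptions written from memory and should be verified against the MS12-027 advisory; the sample documents are constructed inline for illustration.

```python
"""Heuristic triage of Office lure documents for CVE-2010-3333 / CVE-2012-0158."""
import re
import uuid
from dataclasses import dataclass, field

RTF_MAGIC = b"{\\rt"                               # RTF files begin with {\rtf1
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # OLE2 compound-file header

# CVE-2010-3333 (MS10-087): stack overflow while parsing the pFragments
# shape property inside an RTF \shp block.
PFRAGMENTS_RE = re.compile(rb"\\sn\s*pFragments", re.IGNORECASE)

# CVE-2012-0158 (MS12-027): MSCOMCTL.OCX ListView / TreeView controls.
# ASSUMED identifiers (from memory) - verify before relying on them.
MSCOMCTL_PROGIDS = (b"MSComctlLib.ListViewCtrl", b"MSComctlLib.TreeCtrl")
MSCOMCTL_CLSIDS = {
    "BDD1F04B-858B-11D1-B16A-00C0F0283628": "MSComctlLib.ListViewCtrl",
    "C74190B6-8589-11D1-B16A-00C0F0283628": "MSComctlLib.TreeCtrl",
}


@dataclass
class Verdict:
    container: str                      # "rtf", "ole" or "other"
    hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.hits)


def clsid_signatures(clsid: str):
    """Return the CLSID as it appears on disk: raw little-endian GUID bytes
    (OLE streams) and the same bytes hex-encoded (RTF \\objdata payloads)."""
    raw = uuid.UUID(clsid).bytes_le
    return raw, raw.hex().encode()


def triage(blob: bytes) -> Verdict:
    """Flag the two NetTraveler lure patterns in a document's raw bytes."""
    if blob.startswith(RTF_MAGIC):
        v = Verdict("rtf")
        lowered = blob.lower()
        if PFRAGMENTS_RE.search(blob):
            v.hits.append("CVE-2010-3333: pFragments shape property")
        for progid in MSCOMCTL_PROGIDS:
            if progid.lower() in lowered:
                v.hits.append(f"CVE-2012-0158: {progid.decode()} object")
        for clsid, name in MSCOMCTL_CLSIDS.items():
            _, hexsig = clsid_signatures(clsid)
            if hexsig in lowered:        # only catches unbroken hex runs
                v.hits.append(f"CVE-2012-0158: {name} CLSID in \\objdata")
        return v
    if blob.startswith(OLE_MAGIC):
        v = Verdict("ole")
        for clsid, name in MSCOMCTL_CLSIDS.items():
            binsig, _ = clsid_signatures(clsid)
            if binsig in blob:
                v.hits.append(f"CVE-2012-0158: {name} CLSID in OLE stream")
        return v
    return Verdict("other")


# Constructed sample attachments (not real malware): enough structure to
# exercise each branch of the heuristic.
SAMPLES = {
    "rtf_pfragments": b"{\\rtf1{\\shp{\\*\\shpinst{\\sp{\\sn pFragments}{\\sv 1;1;ffffffff}}}}}",
    "rtf_mscomctl": b"{\\rtf1{\\object\\objocx{\\*\\objclass MSComctlLib.ListViewCtrl.2}"
                    b"{\\*\\objdata 0105000002000000}}}",
    "ole_mscomctl": OLE_MAGIC + b"\x00" * 32
                    + uuid.UUID("BDD1F04B-858B-11D1-B16A-00C0F0283628").bytes_le
                    + b"\x00" * 16,
    "benign_rtf": b"{\\rtf1\\ansi Quarterly report, nothing to see here.}",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        v = triage(blob)
        print(f"{label:15s} {v.container:5s} {'SUSPICIOUS' if v.suspicious else 'clean':10s} {v.hits}")
```

This fires on the lure's container, not on NetTraveler itself, so a hit means "detonate in a sandbox and pull the dropped binary", not "confirmed NetTraveler". Two limits to keep in mind: RTF writers may split `\objdata` hex across lines or mix case, which the unbroken-hex check does not normalise, and a legitimate document that embeds a ListView control will also trip the CVE-2012-0158 branch, so treat the result as a triage signal rather than a verdict.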

The C&C servers are used to install additional malware on infected machines and to receive exfiltrated data; the researchers found more than 22 GB of stolen data stored on NetTraveler’s C&C servers.

According to the researchers, most of the samples they observed were created between 2010 and 2013. The largest numbers of infections were spotted in Mongolia, India and Russia, with further victims in China, South Korea, Germany, the US, Canada, the UK, Austria, Japan, Iran, Pakistan, Spain and Australia.

The researchers estimate that the team behind the attacks consists of around 50 individuals, most of whom are native Chinese speakers with a working knowledge of English.

Six of the victims had also been hit by the Red October attackers, whom Kaspersky had profiled earlier. Those victims included a military contractor in Russia and an embassy in Iran.
