A group of security researchers have uncovered the presence of NetTraveler in a cyberespionage campaign that has successfully infiltrated high-profile targets worldwide.
Security experts at Kaspersky Lab have been keeping tabs on the campaign over the past few years. In a blog post Tuesday published by the antivirus provider, security researchers said that over 350 high-profile victims in 40 countries have been affected by the NetTraveler tool — a program used for subtle computer surveillance.
"NetTraveler" is named as such due to an internal string which was present in early versions. The earliest references towards the malicious program stem from 2004, although the largest number of samples found were created between 2010 and 2013.
Targets of the program include activists in Tibet and Uyghur, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies, and military contractors. Most recently, NetTraveler has been used in attacks focused on cyberespionage campaigns around space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications. The victims' profiles are displayed below:
The highest rates of infection were recorded in Mongolia, followed by India and Russia. However, NetTraveler was discovered in 40 countries worldwide, including China, South Korea, Spain, Germany, the United States, the United Kingdom, Chile, Australia and Hong Kong.
Six of the victims were also targeted by Red October. The Flame-like campaign spied on diplomats and governments worldwide, gathering data and intelligence from "mobile devices, computer systems and network equipment" and is currently still active. In the same manner as NetTraveler, the malicious code is sent via spear phishing emails.
The researchers commented:
"Based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have working knowledge of the English language. NetTraveler is designed to steal sensitive data as well as log keystrokes and retrieve file system listings and various Office or PDF documents."
For more in-depth look at NetTraveler, a full report can be found here (pdf.).