IT security company Kaspersky Lab says it has uncovered evidence of a nine-year cyber espionage campaign with over 350 high-profile victims.
Since 2004, a malware tool known as NetTraveler has been used to steal information from government institutions, embassies, research centres, and military contractors, as well as activists and oil and gas companies in 40 countries, Kaspersky Lab claims.
The tool has been used to steal valuable intellectual property from the victims, Kaspersky said, with a special focus on space and exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications.
Kaspersky Lab analysed logs of several command and control servers linked to the NetTraveler infection, and found evidence of more than 22 gigabytes of stolen information. “This data represents only a small fraction which we managed to see,” the company said in a report released yesterday. “The rest of it had been previously downloaded and deleted from the C&C servers by the hackers.”
The malware was distributed via email attachments, Kaspersky claims.
“Attackers infected victims by sending clever spear-phishing emails with malicious Microsoft Office attachments that are rigged with two highly exploited vulnerabilities,” Kaspersky said in its report. “Even though Microsoft already issued patches for these vulnerabilities, they’re still widely used for exploitation in targeted attacks and have proven to be effective.”
Six of the victims identified by Kaspersky were also targets of Red October, a threat uncovered by the company in January and which it says originated in China. Based on “collected intelligence”, Kaspersky estimates that the NetTraveler attacks originate from a group of around 50 individuals, most of whom speak Chinese natively.
However, the Kaspersky report does not directly link the NetTraveler campaign to the Chinese government.
White House officials have told reporters that President Obama plans to confront Chinese president Xi Jinping about cyber security during talks later this week. Obama will say that the US holds the Chinese government responsible for cyber attacks originating in China.
Meanwhile, a Chinese official has claimed this week that the country has "mountains of data" showing evidence of US-backed cyber attacks against it.
"We have mountains of data, if we wanted to accuse the US, but it's not helpful in solving the problem," Huang Chengqing, head of China's CERT, told the China Daily newspaper.