Researchers at Kaspersky Lab have written extensively about NetTraveler – a group of malicious programs that APT actors have used to compromise over 350 high-profile victims in 40 countries.
Detailing the methods the attackers used, the report adds that they first infected victims by sending clever spear-phishing emails with malicious Microsoft Office attachments. These attachments exploit two heavily exploited vulnerabilities, namely CVE-2012-0158 and CVE-2010-3333. Worryingly, although Microsoft has already issued patches for these vulnerabilities, they are still widely used in targeted attacks and have proved to be effective.
Victims were targeted using spear-phishing emails
Interestingly, the titles of the malware-ridden attachments in the spear-phishing emails reveal the NetTraveler group's attempts at customising their attacks to infect their high-profile targets. Some of the notable titles include:
- Army Cyber Security Policy 2013.doc
- Report – Asia Defense Spending Boom.doc
- Activity Details.doc
- His Holiness the Dalai Lama’s visit to Switzerland day 4
- Freedom of Speech.doc
According to the researchers' findings, although this threat actor has been active since 2004, the highest volume of its activity occurred from 2010 to 2013. The group has been found targeting sectors such as space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications for its cyber espionage activities.
Here's a closer look at the statistics at hand:
At the end of their analysis of NetTraveler's C&C data, researchers found that there were a total of 350 victims in 40 countries, including the United States, Canada, United Kingdom, Russia, Chile, Morocco, Greece, Belgium, Austria, Ukraine, Lithuania, Belarus, Australia, Hong Kong, Japan, China, Mongolia, Iran, Turkey, India, Pakistan, South Korea, Thailand, Qatar, Kazakhstan and Jordan.
Additionally, the top ten countries with victims detected by KSN were Mongolia, followed by Russia, India, Kazakhstan, Kyrgyzstan, China, Tajikistan, South Korea, Spain and Germany.