All the latest UK technology news, reviews and analysis

Kaspersky uncovers advanced Operation NetTraveler malware attacking UK systems

04 Jun 2013
Digital security padlock red image

Kaspersky Lab has uncovered a dangerous cyber espionage campaign stealing vast amounts of sensitive data from 350 unnamed ‘high profile' businesses and government agencies, some of whom are based in the UK.

The Russian security firm reported uncovering the campaign, codenamed Operation NetTraveler, on Tuesday, confirming it had detected it running in over 40 different countries. Known victims include the UK and US as well as Canada, Russia and China.

The malware used has infected a wide variety of groups and agencies in both the public and private sector. These included government institutions, embassies research centers, military contractors and activists and several firms connected to areas of infrastructure like oil and gas industry. Kaspersky said the kit is designed for data theft and espionage purposes, but not sabotage like the infamous Stuxnet malware.

The Russian firm said that at least six of the known victims were also successfully infiltrated by the previously discovered Red October campaign, indicating there are several high-profile, well funded hacker groups active in the wild. Red October is a cyber espionage believed to be run by cyber criminals in Russia, uncovered by Kaspersky in January.

Kaspersky Operation NetTraveler

Kaspersky said initial analysis suggests the campaign's command and control servers are used to spread and install further malware, as well as forward stolen data, on infected machines. The malware focuses on collecting keyloggs as well as various types of files including PDFs, Excel sheets, Word documents and other files. Kaspersky estimates it has already successfully stolen at least 22GB of data from its known victims.

Worse still, the Russian security vendor reported seeing at least one example of the criminals using the malware as a backdoor, warning it could theoretically be customised to steal other types of sensitive information.

The campaign initially targets its victims using tailored spear-phishing emails infected with malicious Microsoft Office attachments. The malicious attachments target the CVE-2012-0158 and CVE-2010-3333 vulnerabilities. Both the vulnerabilities have been patched by Microsoft. Kaspersky Lab recommended all network administrators check their systems and ensure the patches are installed.

The campaign is one of many sophisticated threats uncovered by Kaspersky Lab in recent years. The firm also played a part uncovering the notorious Flame malware.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

testjobpleaseignore (autonormal)

29.01.2015 11:23:55 Adventure Instructor ...

Business Development Manager, TMS Software

Job Title: Business Development Manager, TMS Software...

Client Project Manager - Financial Services Software

My client is a software business focused on the development...

Senior C# Developer - Swindon - £38K - FTSE100 - ASP.NET, SQL

Senior C# Developer - Swindon - £38K - FTSE100 A FTSE100...
To send to more than one email address, simply separate each address with a comma.