Kaspersky uncovers advanced Operation NetTraveler malware attacking UK systems

04 Jun 2013

Kaspersky Lab has uncovered a dangerous cyber espionage campaign stealing vast amounts of sensitive data from 350 unnamed 'high profile' businesses and government agencies, some of which are based in the UK.

The Russian security firm reported uncovering the campaign, codenamed Operation NetTraveler, on Tuesday, confirming it had detected it running in over 40 different countries. Known victims include the UK and US as well as Canada, Russia and China.

The malware used has infected a wide variety of groups and agencies in both the public and private sectors. These included government institutions, embassies, research centers, military contractors and activists, and several firms connected to areas of infrastructure such as the oil and gas industry. Kaspersky said the kit is designed for data theft and espionage purposes, but not sabotage like the infamous Stuxnet malware.

The Russian firm said that at least six of the known victims were also successfully infiltrated by the previously discovered Red October campaign, indicating there are several high-profile, well-funded hacker groups active in the wild. Red October is a cyber espionage campaign believed to be run by cyber criminals in Russia, uncovered by Kaspersky in January.

Kaspersky said initial analysis suggests the campaign's command and control servers are used to spread and install further malware on infected machines, as well as to forward stolen data. The malware focuses on collecting keystroke logs as well as various types of files including PDFs, Excel sheets, Word documents and other files. Kaspersky estimates it has already successfully stolen at least 22GB of data from its known victims.

Worse still, the Russian security vendor reported seeing at least one example of the criminals using the malware as a backdoor, warning it could theoretically be customised to steal other types of sensitive information.

The campaign initially targets its victims using tailored spear-phishing emails carrying malicious Microsoft Office attachments. The malicious attachments target the CVE-2012-0158 and CVE-2010-3333 vulnerabilities. Both vulnerabilities have been patched by Microsoft. Kaspersky Lab recommended all network administrators check their systems and ensure the patches are installed.

The campaign is one of many sophisticated threats uncovered by Kaspersky Lab in recent years. The firm also played a part in uncovering the notorious Flame malware.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
