

Kaspersky uncovers advanced Operation NetTraveler malware attacking UK systems

04 Jun 2013

Kaspersky Lab has uncovered a dangerous cyber espionage campaign stealing vast amounts of sensitive data from 350 unnamed ‘high profile’ businesses and government agencies, some of which are based in the UK.

The Russian security firm reported uncovering the campaign, codenamed Operation NetTraveler, on Tuesday, confirming it had detected it running in over 40 different countries. Known victims include the UK and US as well as Canada, Russia and China.

The malware used has infected a wide variety of groups and agencies in both the public and private sector. These included government institutions, embassies, research centers, military contractors and activists, and several firms connected to areas of infrastructure such as the oil and gas industry. Kaspersky said the kit is designed for data theft and espionage purposes, but not sabotage like the infamous Stuxnet malware.

The Russian firm said that at least six of the known victims were also successfully infiltrated by the previously discovered Red October campaign, indicating there are several high-profile, well-funded hacker groups active in the wild. Red October is a cyber espionage campaign believed to be run by cyber criminals in Russia, uncovered by Kaspersky in January.


Kaspersky said initial analysis suggests the campaign's command and control servers are used to spread and install further malware on infected machines, as well as to forward stolen data. The malware focuses on collecting keystroke logs as well as various types of files including PDFs, Excel sheets, Word documents and other files. Kaspersky estimates it has already successfully stolen at least 22GB of data from its known victims.

Worse still, the Russian security vendor reported seeing at least one example of the criminals using the malware as a backdoor, warning it could theoretically be customised to steal other types of sensitive information.

The campaign initially targets its victims using tailored spear-phishing emails carrying malicious Microsoft Office attachments. The malicious attachments target the CVE-2012-0158 and CVE-2010-3333 vulnerabilities. Both vulnerabilities have been patched by Microsoft. Kaspersky Lab recommended all network administrators check their systems and ensure the patches are installed.

The campaign is one of many sophisticated threats uncovered by Kaspersky Lab in recent years. The firm also played a part in uncovering the notorious Flame malware.

Alastair Stevenson