Kaspersky Lab, a private vendor of endpoint protection solutions, recently released a paper on a cyber-espionage campaign that used NetTraveler, a malicious program built for covert computer surveillance.
The security researchers have identified that NetTraveler (also known as “Travnet”, “Netfile” or Red Star APT) has already infected hundreds of high-profile computer systems in more than 40 countries. NetTraveler has targeted Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.
The researchers found that several spear-phishing e-mails were sent to multiple Uyghur activists, and that the Java exploit used to distribute this new variant of the Red Star APT targets a vulnerability that was only patched in June 2013, giving it a much higher success rate than the older lures. Earlier attacks used an Office exploit (CVE-2012-0158) that Microsoft patched in April 2012.
Kaspersky Lab’s Global Research and Analysis Team (GReAT) experts have also offered recommendations on how to stay safe from such attacks. Users should update Java to the most recent version or, if they do not use Java, uninstall it. Keep Microsoft Windows and Office updated to the latest versions, and update all other third-party software, such as Adobe Reader. Use a secure browser such as Google Chrome, which has a faster development and patching cycle than Windows’ default Internet Explorer.
Last month, Kaspersky Lab intercepted and blocked a number of infection attempts from the “wetstock [dot]org” domain, a site linked to previous NetTraveler attacks. In June 2013, right after the public exposure of the NetTraveler operations, the attackers shut down all known command-and-control systems and moved them to new servers in China, Hong Kong and Taiwan.
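The article names one indicator of compromise, the defanged domain “wetstock [dot]org”. The following is an added example (not code from Kaspersky Lab or the article) of how a defender would turn such a defanged indicator back into a real domain and hunt for it in proxy and DNS logs. The log lines are constructed for the example and are not real traffic; the field names host= and query= are assumptions about the log format. The check matches the domain itself and its subdomains but deliberately rejects look-alike substrings such as notwetstock.org, a common false positive when people grep for an IOC.

```python
import re

# Constructed sample log lines (not taken from the article); only the domain
# named in the article appears as an indicator. Field names are assumed.
SAMPLE_LOGS = [
    "2013-08-02T10:14:03Z proxy src=10.0.0.12 host=wetstock.org uri=/update/index.php status=200",
    "2013-08-02T10:14:05Z dns client=10.0.0.12 query=cdn.wetstock.org type=A",
    "2013-08-02T10:15:11Z proxy src=10.0.0.15 host=www.example.com uri=/ status=200",
    "2013-08-02T10:16:40Z proxy src=10.0.0.19 host=notwetstock.org uri=/ status=200",
    "2013-08-02T10:17:02Z proxy src=10.0.0.21 host=wetstock.org.evil.example uri=/ status=200",
]


def refang(ioc: str) -> str:
    """Convert a defanged indicator ('wetstock [dot]org', 'x[.]y', 'hxxp://...')
    back into a plain lowercase domain name."""
    s = ioc.strip().lower()
    s = re.sub(r"\s*\[\s*dot\s*\]\s*", ".", s)   # "[dot]" with optional spaces
    s = re.sub(r"\s*\(\s*dot\s*\)\s*", ".", s)   # "(dot)" variant
    s = s.replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^hxxps?://", "", s)             # defanged scheme prefix
    return s.strip(".")


def domain_matches(hostname: str, ioc_domain: str) -> bool:
    """True if hostname is the IOC domain or one of its subdomains.
    Plain substring tests would wrongly flag 'notwetstock.org' and
    'wetstock.org.evil.example'; the label-boundary check below does not."""
    h = hostname.lower().rstrip(".")
    return h == ioc_domain or h.endswith("." + ioc_domain)


# Hostname carried by proxy (host=) or DNS (query=) records in the assumed format.
HOST_RE = re.compile(r"\b(?:host|query)=([A-Za-z0-9.-]+)")


def find_hits(log_lines, defanged_iocs):
    """Return (hostname, matched_ioc, raw_line) for every log line whose
    hostname is the IOC domain or a subdomain of it."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_lines:
        m = HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1)
        for ioc in iocs:
            if domain_matches(host, ioc):
                hits.append((host, ioc, line))
                break
    return hits


if __name__ == "__main__":
    for host, ioc, line in find_hits(SAMPLE_LOGS, ["wetstock [dot]org"]):
        print(f"HIT {ioc} <- {host}: {line}")
```

Run against the constructed logs, the script flags the two lines for wetstock.org and cdn.wetstock.org and ignores the two look-alike hostnames. Feeding it the real proxy or DNS export of the period in question is a quick way to confirm whether the blocked infection attempts the article describes reached any host in your own environment.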
Costin Raiu, Director of Kaspersky Lab’s Global Research & Analysis Team, said in a statement, “So far, we haven’t observed the use of zero-day vulnerabilities with the NetTraveler group. To defend against those, although patches don’t help, technologies such as Automatic Exploit Prevention and DefaultDeny can be quite effective in fighting advanced persistent threats.”