Computer security company Kaspersky Lab said its experts have uncovered a global cyberespionage campaign, which may have been in existence for nearly a decade and compromised more than 350 computer systems in 40 countries.
The malicious NetTraveler surveillance toolkit has been active since as early as 2004, but its activity peaked between 2010 and 2013. The initial attack begins with spear-phishing emails with malicious attachments that use vulnerabilities in Microsoft Office to compromise systems.
"The NetTraveler group's main domains of interest for cyberespionage activities include space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications," Kaspersky Lab said in a statement.
Users and organizations in Mongolia and Russia were the hardest affected, followed by India, Kazakhstan, Kyrgyzstan, China, Tajikistan, South Korea, Spain and Germany.
Kaspersky Lab's experts estimate the amount of stolen data stored on NetTraveler's command and control servers at more than 22 gigabytes.
"Exfiltrated data from infected machines typically included file system listings, keyloggs, and various types of files including PDFs, excel sheets, word documents and files," Kaspersky Lab said.
In addition, the NetTraveler toolkit was able to install additional info-stealing malware, such as a backdoor.
A Message from The Moscow Times:
Dear readers,
We are facing unprecedented challenges. Russia's Prosecutor General's Office has designated The Moscow Times as an "undesirable" organization, criminalizing our work and putting our staff at risk of prosecution. This follows our earlier unjust labeling as a "foreign agent."
These actions are direct attempts to silence independent journalism in Russia. The authorities claim our work "discredits the decisions of the Russian leadership." We see things differently: we strive to provide accurate, unbiased reporting on Russia.
We, the journalists of The Moscow Times, refuse to be silenced. But to continue our work, we need your help.
Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and every contribution makes a significant impact.
By supporting The Moscow Times, you're defending open, independent journalism in the face of repression. Thank you for standing with us.
Remind me later.
