NetTraveler is back – with some new tricks up its sleeve

Posted by newsdesk

The NetTraveler attack vector (a.k.a. Netfie, Travnet or Red Star APT) has been detected again. This is a new, advanced threat that has already infected hundreds of high-profile users in over 40 countries. Known targets include Tibetan/Uyghur activists, oil industry companies, research institutes and centers, universities, private companies, governments and government institutions, embassies and security suppliers.

Immediately after the public disclosure of NetTraveler activity in June 2013, the attackers shut down the command and control centers and relocated to new servers in China, Hong Kong and Taiwan. From there the attacks continued unabated, as current events prove.

During the last few days, some focused attacks targeted several Uyghur activists. A Java vulnerability used to spread the current version of Red Star APT was fixed last June, but its success rates were higher than those of the Office vulnerabilities (CVE-2012-0158) fixed by Microsoft last April.

In addition to focused attacks by e-mail, the APT operators started using the “watering hole” technique (redirecting to malicious websites) to target victims surfing the internet.

Over the last month, Kaspersky Lab intercepted a number of attacks originating from the address Webstock[dot]org, a website associated with earlier NetTraveler attacks. The victims were redirected there from other Uyghur websites that had also been successfully attacked by the same people responsible for NetTraveler.

Read Entire Story in Israel Homeland Security
