Chinese Hackers ‘Behind NetTraveller Global Cyber Surveillance’

Another campaign aimed at global governments is allegedly carried out by Chinese-speaking hackers

A global cyber espionage campaign affecting over 350 government-related organisations appears to be the work of Chinese hackers.

The NetTraveler data-stealing tool was spotted by Kaspersky running in 40 countries. The main targets of the campaign, which has been running since 2004, are government institutions, contractors and embassies, as well as the oil and gas industry, the Russian security firm said.

More recently, the Chinese hackers have shown an interest in space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications, according to the anti-virus company’s report.

But Tibetan activists have also been hit. Fingers have previously been pointed at the Chinese government following discoveries of malware aimed at Tibetan dissidents. It has always denied accusations it is using hacking techniques for any kind of cyber surveillance.

Chinese hackers at it again

Based on its intelligence, Kaspersky believes the NetTraveller perpetrators consist of around 50 individuals, most of whom speak Chinese “natively” but also have a decent level of English.

The highest number of infections were in Mongolia, followed by India and Russia. UK organisations were also hit.

NetTraveller

There is a second part to Kaspersky’s findings, in which it goes into greater detail on attributing the attacks, but the firm is not sharing it with press, TechWeekEurope was told. Only select organisations, including government bodies, will get that extra insight.

The findings come ahead of a meeting between US President Obama and Chinese President Xi Jinping in California this week, where they are set to discuss cyber espionage issues.

The attackers are using two vulnerabilities in Microsoft Office which have been patched but remain highly popular on the hacking scene, and have run NetTraveler alongside other malware.

Spear phishing emails were used to trick targets into opening malicious documents. They were unsophisticated, yet effective attacks, Kaspersky said.

“We have calculated the amount of stolen data stored on C&C [command and control] servers to be 22+ gigabytes. However, this data represents only a small fraction which we managed to see – the rest of it had been previously downloaded and deleted from the C&C servers by the attackers,” the Kaspersky report read.

The malware focused on siphoning common file types such as DOC, XLS and PDF files, although it can be commanded to pilfer other data.

Six victims were also hit by the Red October attackers, whom Kaspersky had profiled last year. Those victims included a military contractor in Russia and an embassy in Iran.