As reported by V3.co.uk, researchers at Kaspersky Lab have detailed a cyber theft and espionage campaign dubbed “Operation NetTraveler”, which was also discussed in March by Symantec and McAfee. The campaign has already targeted 350 high-profile government agencies and businesses (such as military contractors and several firms linked to the oil, gas and energy industry) across 40 countries, including the UK, US, Canada, Russia and China.
The Operation NetTraveler malware is delivered through spear phishing emails with Microsoft Office attachments that, once opened, exploit the (now patched) CVE-2012-0158 and CVE-2010-3333 vulnerabilities.
Once embedded, the malware collects keystroke logs and files of common types (Word documents, Excel spreadsheets, PDFs, etc.), and forwards the sensitive data to command-and-control servers. So far, Kaspersky researchers estimate that more than 22GB of data has been stolen. They also warn that they’ve seen at least one instance of NetTraveler’s malware used as a backdoor, which means that it could be customized to steal other sensitive data.
The culprits behind this sophisticated cyber crime spree may be the same Russian cyber criminals who are believed to be behind the Red October malware campaign, which Kaspersky researchers discovered in January. So far, six of the victims from that campaign have been hit by NetTraveler.