Cyber espionage bug attacking Middle East, but Israel untouched — so far

NetTraveler virus found in computers in diplomatic missions of over 40 countries, including Syria, Turkey, Lebanon, Jordan, Qatar, and Iran

Map of the NetTraveler malware's reach (photo credit: Courtesy)

Computers in diplomatic missions and government offices worldwide have again been struck by a major virus, according to cybersecurity experts at Kaspersky Lab. The NetTraveler virus, which Kaspersky uncovered in recent weeks, has attacked computers in diplomatic missions and government institutions in over 40 countries, including Syria, Turkey, Lebanon, Jordan, Qatar, and Iran. No “samples” of the virus have been found so far in Israel, Kaspersky said.

The attack is somewhat similar to the Red October exploit, which Kaspersky uncovered last year. In that attack, too, government and diplomatic computers were targeted. Israeli computers were found to be hosting the virus as well, but it was unclear if any data had been stolen.

Unlike the Stuxnet virus, which rocked Iran’s nuclear program by sabotaging centrifuges, NetTraveler seems more concerned with espionage.

The perpetrators of Red October are still unknown, but Kaspersky gave a very broad hint as to the identity of the hackers behind NetTraveler: “Based on collected intelligence, we estimate the group size at about 50 individuals, most of whom speak Chinese natively and have working knowledge of the English language,” Kaspersky said. “NetTraveler is designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office or PDF documents.”

Among the victims of the attack are Tibetan/Uyghur activists, considered rebels by Beijing. The logo of the virus, as it appears inside the malware’s code, is a Chinese language character.

“The group has infected victims across multiple industries, including government institutions, embassies, the oil and gas industry, research institutes, military contractors and activists,” Kaspersky continued. “Most recently, the NetTraveler group’s main domains of interest for cyber-espionage activities include space exploration, nanotechnology, energy production, nuclear power, lasers, medicine, and communications.”

The latest attack uses “social engineering” techniques to get users to click on links that will install the malware on their devices. Users are sent messages that ostensibly contain important information in their attachments, with titles like “Report — Asia Defense Spending Boom,” “Army Cyber Security Policy 2013,” and “His Holiness the Dalai Lama’s visit to Switzerland day 4.” When users open the files, two pieces of malware are installed on their devices, enabling the controllers of the virus to steal data at will.

Eugene Kaspersky, head of Kaspersky Lab, is scheduled to visit Israel next week for the 3rd annual International Cyber Security Conference, sponsored by Tel Aviv University and the National Cyber Bureau. Kaspersky is expected to provide more details on NetTraveler during his presentation. Last year, Kaspersky, speaking at the conference, revealed the existence of the Flame virus, which infects infrastructure and mission-critical computer systems. Kaspersky said the virus could mean “the end of the world as we know it.”
