Cyber security experts at Kaspersky Lab have claimed that computers in diplomatic missions and government offices in more than 40 countries worldwide have been hit by a major virus. Kaspersky reported that it has found the sample of the virus NetTraveler in almost all the countries in the Middle East except Israel.
As it appears inside the malware’s code, the logo is a Chinese language character. Morocco is the only North African country affected by the virus. The antivirus company claims that the behavior of the virus is similar to last year’s Red October exploit virus, which also targeted government and diplomatic computers. NetTraveler tricks targets by making them click on links claiming to contain important information in their attachments, with titles like “Report — Asia Defense Spending Boom,” “Army Cyber Security Policy 2013,” and “His Holiness the Dalai Lama’s visit to Switzerland day 4.” When such files are opened, the malware is installed on their devices to allow the download of data.
The NetTraveler virus is linked with espionage and has been “designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office or PDF documents.” Kaspersky has been able to gather some information of those behind the attack. It estimates “the group size at about 50 individuals, most of whom speak Chinese natively” with some English knowledge. Victims of the virus are industries, government institutions, embassies, oil and gas industries, research institutes, military contractors and activists.
Kaspersky also stated that espionage was centered on specific domains such as “space exploration, nanotechnology, energy production, nuclear power, lasers, medicine, and communications.” The head of Kaspersky Lab, Eugene Kaspersky, could shed more light on the virus at the 3rd annual International Cyber Security Conference in Israel.