SINGAPORE/PRNewswire/ -- Kaspersky Lab researchers today announced a new attack vector of NetTraveler (also known as 'Travnet' or "Netfile"), an advanced persistent threat that has already infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.
Immediately after the public exposure( https://www.securelist.com/en/blog/8105 ) of the NetTraveler operations in June, 2013, the attackers shut down all known command and control systems and moved them to new servers in mainland China, Hong Kong and Taiwan. They also continued the attacks unhindered, just like the current case shows.
Over the last few days, several spear-phishing e-mails were sent to multiple Uyghur activists. The Java exploit used to distribute this new variant of the Red Star APT has a higher success rate than the previously used Office exploits, having been patched by Oracle in June 2013.
Kaspersky Lab's Global Research and Analysis Team (GReAT) experts predict that other recent exploits could be integrated and used against the group's targets and offer recommendations on how to stay safe from such attacks:
-- Update Java to the most recent version or, if users don't
use Java, uninstall it.
-- Update Microsoft Windows and Office to the latest versions.
-- Update all other third party software, such as Adobe Reader.
-- Use a secure browser such as Google Chrome, which has a
faster development and patching cycle than Windows' default
Internet Explorer.
-- Be wary of clicking on links and opening attachments from
unknown persons.
"So far, we haven't observed the use of zero-day vulnerabilities with the NetTraveler group. To defend against those, although patches don't help, but technologies such as Automatic Exploit Prevention and Default Deny can be quite effective fighting advanced persistent threats," says Costin Raiu, Director of Global Research & Analysis Team at Kaspersky Lab.
To get more information about NetTraveler new attack, please refer to securelist.com .
Media contact:
Jesmond Chang (Corporate Communications Manager, SEA)
Phone: +603-7962-5913
Email: pr@kaspersky-sea.com or jesmond.chang@kaspersky.com
SOURCE Kaspersky Lab