A New Chinese Threat: NetTraveller Malware Found in 40 Countries, Targets Oil, Weapons, Nukes & More


Security researchers have discovered a new strain of government-bothering malware doing the rounds. In this case, the so-called NetTraveller malware has managed to infiltrate at least 350 high-profile victims in forty different countries. Its victims include private organizations and government agencies involved in industries ranging from nuclear power and communications to space exploration and nanotechnology.

Given its prevalence in so many different countries, the name “NetTraveller” seems like a pretty apt description of the new threat. But in fact, Kaspersky says that the name refers to an internal string found within the malware’s source code. The Russian security lab adds that it believes the malware to be at least nine years old – the first references to its existence date back to 2004, although far more traces of it have been found in recent years.

And guess who’s thought to be responsible for NetTraveller? Yep, that’s right – good old China is prime suspect number one.

There’s overwhelming evidence to suggest that NetTraveller is a Chinese cyber-espionage tool. For one thing, Kaspersky claims that numerous Tibetan and Uighur activists have been targeted by it. They also claim to have evidence that the group responsible for creating NetTraveller are native Chinese speakers:

“Based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have working knowledge of the English language,” said a spokesperson for Kaspersky.

“NetTraveler is designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office or PDF documents.”

Kaspersky goes on to list the kinds of institutions NetTraveller has infiltrated so far, without naming any names. Its targets include oil companies, scientific research centers, universities, private corporations, governments and governmental institutions, military contractors and foreign embassies. It adds that more recently, NetTraveller seems to be showing a keen interest in anything to do with space exploration, nanotechnology, nuclear power, energy production, communications and medicine.

Of the countries where the malware has been identified, Mongolia was at the top of the list with the most infections, followed by India, Russia, China, South Korea, Spain, Germany, the US and the UK. In total, 40 countries were found to have at least one infiltration.

Interestingly, six of NetTraveller’s victims were also reportedly infiltrated by another virus known as Red October, a still-active campaign that’s compromised dozens of governments and embassies around the world, stealing data from smartphones, tablets, computers and other network equipment.

Read Kaspersky’s report on SecureList.com for an in-depth look at NetTraveller’s capabilities.