India has been a prime target of a Chinese cyber-espionage campaign that has been active for at least eight years, according to Russia’s leading IT security provider.
A report released by the Kaspersky Global Research and Analysis Lab said an ongoing hacking attack dubbed NetTraveler has hit hundreds of victims in 40 countries since 2005 or 2004, “with the highest number in Mongolia, India and Russia.”
The “medium-sized threat actor group from China,” estimated to comprise about 50 individuals, has attacked government agencies, embassies, universities, research centres, oil and gas companies and military contractors, as well as Tibetan activists.
The group has focused on stealing data on space research, nanotechnology, energy production, nuclear power, laser technology, medicine and communications.
The Kaspersky Lab described NetTraveler as “a malicious data exfiltration tool” that is delivered through spear-phishing emails exploiting old flaws in Microsoft Office.
“Although these vulnerabilities have been patched by Microsoft, they remain effective and are among the most exploited in targeted attacks,” said the Kaspersky Lab, best known for uncovering the Flame and Stuxnet spyware that targeted Iran’s nuclear programme.
Kaspersky discovered more than 22 gigabytes of stolen data on several of the malware’s command-and-control (C&C) servers. That is a small fraction of the total haul, since the rest had been downloaded by the hackers and deleted from the servers.
“Taking into account that several other C&C servers exist for which we have no logs… we estimate the total number of victims worldwide to be around 1,000,” Kaspersky said.
Kaspersky has promised to release more information on victims to “selected parties, including local authorities of victim countries.”