Mongolia, India, Russia. In total, infections were identified in 40 countries.
Social engineering
Watering hole attacks
Exploits
Cyberespionage
Data theft
The crew behind NetTraveler specifically targets Tibetan/Uyghur activists.
NetTraveler infects high-profile targets in space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications.
More than 22 gigabytes of stolen data is stored on NetTraveler’s C&C servers.
Office and Java exploits were used.
Activists
Energy, oil and gas companies
Academia/Research
Private companies
Government entities
Diplomatic organizations/embassies
Military
Based on collected intelligence, we estimate the group contains about 50 individuals, most of whom are native Chinese speakers and have a working knowledge of English.