Kaspersky warns new ‘Red Star ATP’ targets governments


By Julian Bajkowski

Leading independent online and computer security firm and research house Kaspersky Lab has cautioned that governments and public institutions are among the intended targets of a newly discovered relaunch of an Advanced Persistent Threat (ATP) dubbed NetTravelers.

The emergence of the new variant is a concern for public sector agencies because it comes less than three months “after the public exposure of the NetTraveler operations in June, 2013” when Kaspersky says “the attackers shut down all known command and control systems and moved them to new servers in China, Hong Kong and Taiwan.”

Advanced Persistent Threats are regarded as one of the most serious kinds of malicious cyber activity because they are typically highly targeted, effect and are often believed to have some sort of nation state of foreign espionage sponsors.

Kaspersky has says hundreds of “high profile victims in more than 40 countries” have been infected, including some in Australia.

“Over the last few days, several spear-phishing e-mails were sent to multiple Uyghur activists,” Kaspersky said in its bulletin.

“The Java exploit used to distribute this new variant of the APT was only recently patched in June 2013 and has a much higher success rate. Earlier attacks used [Microsoft] Office exploits (CVE-2012-0158) patched by Microsoft last April.”

“The initial NetTraveler operations showed a trajectory towards larger malware samples during the latter stages,” said Sam Bryce-Johnson, Kaspersky Lab ANZ’s Technical Manager.

“Their re-emergence suggests they may be planning larger targeted attacks.”

Aside from government agencies, Kaspersky says “known targets” of NetTraveler include Tibetan and Uyghur activists, oil industry companies, research centres and private companies

Kaspersky’s Labs’ security recommendation on the NetTraveller ATP include:

● Update Java to the most recent version or, if you don’t use Java, uninstall it.
● Update Microsoft Windows and Office to the latest versions.
● Update all other third party software, such as Adobe Reader.
● Use a secure browser such as Google Chrome, which has a faster development and patching cycle than Windows’ default Internet Explorer.
● Be wary of clicking on links and opening attachments from unknown persons.

A more detailed analysis of the Red Star ATP is available.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required