The Kaspersky researchers estimate that the NetTraveler cyberespionage group has around 50 members, most of whom are native speakers of Chinese and have some knowledge of English. The group's most recent domains of interest include space exploration, nanotechnology, energy production, nuclear power, lasers, medicine and communications, the researchers said.
A small number of victims infected with the NetTraveler malware were also infected with the malware used in the Red October cyberespionage campaign that was reported by Kaspersky in January. These include a military contractor in Russia, an embassy in Iran, an embassy in Belgium, an embassy in Kazakhstan, an embassy in Belarus and a government entity from Tajikistan.
There were no direct links found between the NetTraveler and the Red October attackers, but the small overlap of victims is nonetheless interesting, the Kasperky researchers said. "These infections indicate that certain high profile victims are targeted by multiple threat actors; the target information is a valuable commodity."
More details about attribution, victim identities and links with other attack campaigns are included in a private report that will be shared with selected parties, including local authorities from countries where victims were identified, Kaspersky Lab said.
Sign up for CIO Asia eNewsletters.