"NetTraveler is Running!" – Red Star APT Attacks Compromise High-Profile Victims
Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high-profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance.
The name “NetTraveler” comes from an internal string that is present in early versions of the malware: “NetTraveler Is Running!” This malware is used by APT actors for basic surveillance of their victims. The earliest known samples have a timestamp of 2005, although references exist indicating activity as early as 2004. The largest number of samples we observed were created between 2010 and 2013.
The NetTraveler builder icon