Cyber espionage campaign targets governments, academic institutions

The syndicate has reportedly targeted numerous installations including research centers.

Although the threat of cyber espionage has largely been considered a recent phenomenon, foreign spies have been targeting the networks of rival governments for years. The two main goals of these operatives are to steal state secrets, technology research and other valuable information, and to disrupt operations at critical installations. Both of these endeavors place universities and other academic institutions firmly in the sights of state-backed hackers. System administrators at these schools should stay apprised of emerging threats created by cyberspies to prevent their networks from being compromised and sensitive information from being stolen.

Cybersecurity researchers recently identified an espionage campaign conducted by approximately 50 individuals that has been in operation for the past eight years. In that time, the group has successfully breached more than 350 targets across 40 countries. The group has traditionally prioritized government and diplomatic targets, but has also attacked research centers and universities. Recently, the criminal syndicate has been observed allocating more resources to attacks against institutions that may hold valuable information about advanced technology. Some of the organization's areas of interest include nanotechnology, energy production and space exploration. These fields are extensively studied at research labs across numerous universities, meaning school networks may be targeted with greater frequency moving forward.

Spear-phishing: the weapon of choice
The syndicate's preferred malware tool, dubbed NetTraveler, is delivered through spear-phishing email campaigns that carry malicious attachments disguised as Microsoft Office documents. Once a user's system has been compromised, the malware begins gathering information including documents, sensitive data and keystroke logs. Researchers determined that the amount of stolen data held on the command and control servers was upwards of 22 gigabytes; however, this did not include files that had been wiped from storage over the years.

The cybersecurity research team noted that some of the victims identified in their study had previously been targeted by the well-known Red October cyber espionage campaign, which managed to operate undetected for five years. With hackers becoming more adept at concealing their activities, universities and other institutions can no longer rely on government agencies to identify cybercriminal syndicates before they launch widespread campaigns. Comprehensive measures are needed to protect critical networks, including the deployment of layered security controls. One component of a healthy cybersecurity platform is the use of application control technology. If IT administrators are concerned about malicious programs – such as those sent through the NetTraveler campaign – launching on their systems, they can use whitelisting tools to prevent anything except predetermined software from running on a computer. This can stop hackers from compromising academic networks and stealing vital information.
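As an added illustration of the lure described above (malicious attachments disguised as Office documents) and of the layered-control point, here is a small attachment triage check a mail gateway or SOC script could run before delivery. It is example code written for this article, not a tool from the researchers or the campaign; the attachments it scans are constructed sample data, and the magic-number table and the `triage_attachment`/`scan_attachments` names are this example's own.

```python
# Added example: flag attachments whose filename claims an Office document
# but whose leading bytes say otherwise. Sample attachments are constructed.

OFFICE_EXTENSIONS = {".doc", ".xls", ".ppt", ".docx", ".xlsx", ".pptx", ".rtf"}

# Leading bytes (magic numbers) of the container formats involved.
MAGIC = {
    "ole2": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy .doc/.xls/.ppt
    "zip": b"PK\x03\x04",                         # OOXML .docx/.xlsx/.pptx
    "rtf": b"{\\rtf",                             # Rich Text Format
    "pe": b"MZ",                                  # Windows executable header
}


def identify(data: bytes) -> str:
    """Return the container type implied by the leading bytes, or 'unknown'."""
    for kind, magic in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> tuple:
    """Classify one attachment as ('allow' | 'flag', reason).

    Flags executables carrying any name, double extensions such as
    'report.doc.exe', and Office names whose bytes match no Office container.
    """
    parts = filename.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner_ext = "." + parts[-2] if len(parts) > 2 else ""
    kind = identify(data)

    if kind == "pe":
        return "flag", f"executable content under name {filename!r}"
    if inner_ext in OFFICE_EXTENSIONS and ext not in OFFICE_EXTENSIONS:
        return "flag", f"double extension {inner_ext}{ext}"
    if ext in OFFICE_EXTENSIONS and kind not in ("ole2", "zip", "rtf"):
        return "flag", f"{ext} name but {kind} content"
    return "allow", f"{ext or 'no extension'} matches {kind} content"


def scan_attachments(attachments):
    """Return [(filename, reason)] for every attachment that was flagged."""
    results = []
    for name, data in attachments:
        verdict, reason = triage_attachment(name, data)
        if verdict == "flag":
            results.append((name, reason))
    return results


# Constructed sample mailbox: two genuine-looking documents, three disguises.
SAMPLE_ATTACHMENTS = [
    ("budget.docx", MAGIC["zip"] + b"\x00" * 16),
    ("invite.doc", MAGIC["ole2"] + b"\x00" * 16),
    ("agenda.doc", b"MZ\x90\x00" + b"\x00" * 16),   # executable named as .doc
    ("report.doc.exe", b"\x00\x00"),                 # double extension
    ("notes.xls", b"plain text"),                    # .xls name, no Office container
]
```

This is a format-consistency check only: a genuine Office file carrying malicious content passes it, which is why the article pairs mail filtering with application control that blocks anything not on the approved list from running.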

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape changes our lives, and what we can expect in the future.