Kaspersky Lab Weblog:
NetTraveler, which we described in depth in a previous post, is an APT that infected hundreds of high-profile victims in more than 40 countries. Known targets of NetTraveler (also known as "Travnet" or "Netfile") include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.
During the last week, several spear-phishing e-mails were sent to multiple Uyghur activists. Here's an example: [Screenshot]
A rough translation:
"The spokesman of the WUC made the following statement about the massacre in Karghiliq country. To the kind attention of everyone."
It contains a link to a page purportedly on the World Uyghur Congress website. However, the real page link leads to a known NetTraveler-related domain at "weststock[dot]org".
Continued: http://www.securelist.com/en/blog/208214039/NetTraveler_Is_Back_The_Red_Star_APT_Returns_With_New_Tricks
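The lure described in the excerpt shows the reader a link on one site while the underlying href points to a different domain, and that mismatch can be checked mechanically in an HTML mail body. The following is an added example, not code from the Kaspersky post; the function names and the `.example` hosts in the sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A URL or bare hostname appearing in the visible link text.
SHOWN_URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}\S*", re.I)

def host_of(url):
    """Lower-cased hostname of a URL or scheme-less host/path, minus a leading www."""
    if "://" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def same_site(a, b):
    """True when one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # start collecting the visible text of this link
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = SHOWN_URL.search("".join(self.text))
        real = host_of(self.href)
        # Only links whose visible text itself names a host can be compared.
        if shown and real and not same_site(host_of(shown.group(0)), real):
            self.findings.append((host_of(shown.group(0)), real))
        self.href = None

def audit_links(html_body):
    """Return (host shown to the reader, host actually linked) for each mismatch."""
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed sample body; the .example hosts are placeholders, not from the report.
SAMPLE_BODY = """<p><a href="http://files.lure-host.example/doc.htm">http://www.activist-org.example/statement.htm</a></p>
<p><a href="https://www.activist-org.example/archive">activist-org.example/archive</a></p>
<p><a href="http://other.example/">Read more</a></p>"""
```

Links whose visible text names no host (such as "Read more") are skipped, so this check complements rather than replaces reputation lookups on the href itself.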
NetTraveler Variant Adds Java Exploits, Watering Hole Attacks to Bag of Tricks
NetTraveler APT Attack Changes Tactics to Infect Activists
Despite Being Exposed, Cybercriminals Behind NetTraveler Campaign Continue Attacks
NetTraveler APT group is back, adds watering hole attacks to its arsenal