Tuesday, July 12, 2016
MNKit & NetTraveler Variants
NetTraveler (also known as “Travnet” or “Netfile”) is a data-stealing utility leveraged by Chinese APT actors against high profile targets including diplomatic officials and military organizations. The malware has been used since 2013 to infect numerous victims in over 40 countries. Recently in April 2016, a new variant of the NetTraveler malware was observed in a campaign targeted against Uyghur and Russian organizations. The attacks also leveraged weaponized Office documents created by the MNKit malicious document generator.