14 DAY TRIAL // Brandon Dixon of 9bplus has come across an interesting email that appears to be sent by NetTraveler, the Chinese cyber espionage group whose activities were exposed by Kaspersky earlier this month.
According to the security researcher, the email is entitled “CIA’s ‘prism Watchlist’” and it appears to come from one Jill Kelley. The intended recipient of the malicious email appears to be an email address linked to the Regional Tibet Youth Congress in Mundgod, India.
The email, which leverages the recent NSA leak, comes with a Word document attached. Once the document is opened, it attempts to exploit CVE-2012-0158 to push malware onto the infected computer.
“It’s funny to note that these actors are keeping up with their same techniques and infrastructure (not all of it) despite being 100% outed. Again, this sort of behavior shows poor operational security or a complete lack of care.” Dixon noted in a blog post.