Nettraveller APT

Type: Nation-State-Sponsored

Status: Active as of July 2016

Other Names: Travnet/ NetFile/ APT 21

Active Since/Discovered: 2004


  • Mongolia, India, Russia, US, and 36 others
  • Total of 350-500 infections detected

Target Sectors:

  • Energy, space exploration, Academia, nanotechnology, nuclear power, lasers, medicine, and communications
  • Government organizations (19%), private companies (11%), diplomatic organizations and embassies (32%), and military organizations (9%)


  • NetTraveler
  • designed for basic surveillance. It logs keystrokes, can steal sensitive documents, and it retrieves files system listing
  • Saker
  • Netbot
  • DarkStRat
  • LURK0 Gh0st
  • PlugX

Preferred Attack Vector:  Spear-phishing Social engineering, watering-hole attacks, 0-day exploits

TTP: CVE-2012-0158

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google