Kaspersky Lab, the Russian cybersecurity company, reported that it was recently breached by a highly sophisticated piece of malware, which is said to have incorporated three techniques the company had not seen before the attack. The firm stated that it is still investigating the incident but strongly believes it detected the malware at an early stage. Kaspersky confirmed that some of its files were accessed during the intrusion, but said that no critical data relating to its products was touched.
The company’s chief executive, Eugene Kaspersky, said that taking the time and effort to commit cyber espionage against a firm whose business is detecting and combating digital intrusions is risky for anyone. Kaspersky added that his firm plays a pivotal role in assisting agencies that investigate such matters openly, even if that means reporting the most minor of incidents.
The intrusion was first detected at the start of spring. According to the report, the malware does not write any of its own data to the hard drive; it resides only in the memory of the computers it infects. Because a memory-only implant leaves nothing on disk for conventional file scanning to find, detection is relatively hard to achieve, yet the firm still found it early.
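The memory-only footprint described above is what makes this class of implant hard to find with file scanning. As an added illustration (not code from Kaspersky, from the article, or from any Duqu 2.0 analysis), the following Python script applies the corresponding hunt: list every executable memory region of a process that is not backed by a file on disk. It reads the Linux /proc/<pid>/maps format; the sample listing, the process name, the addresses and the "/memfd:payload" region are all constructed for the example. The equivalent check on Windows walks a process with VirtualQueryEx and looks at private executable regions, which this script does not do.

```python
"""Flag executable memory regions that are not backed by a file on disk.

Added example, not code from Kaspersky or from the article. An implant that
lives only in RAM shows up as executable pages with no backing file, so a hunt
for such pages is one way to surface it. Input is Linux /proc/<pid>/maps text.
"""
import re
import sys
from dataclasses import dataclass
from typing import List

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel pseudo-mappings that legitimately hold executable code without a file.
BENIGN_PSEUDO = {"[vdso]", "[vsyscall]"}


@dataclass
class Region:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str) -> List[Region]:
    """Parse /proc/<pid>/maps text into Region records; raise on malformed lines."""
    regions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAPS_LINE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable maps line: {line!r}")
        regions.append(Region(int(m["start"], 16), int(m["end"], 16),
                              m["perms"], int(m["inode"]), m["path"].strip()))
    return regions


def is_unbacked_executable(r: Region) -> bool:
    """True for executable regions whose bytes never existed as a file on disk.

    inode 0 means an anonymous mapping (no name, or [heap]/[stack]);
    /memfd: regions and '(deleted)' paths have an inode but no file left on disk.
    """
    if "x" not in r.perms or r.path in BENIGN_PSEUDO:
        return False
    if r.inode == 0:
        return True
    return r.path.startswith("/memfd:") or r.path.endswith("(deleted)")


def find_unbacked_executable(regions: List[Region]) -> List[Region]:
    return [r for r in regions if is_unbacked_executable(r)]


def scan_pid(pid: int) -> List[Region]:
    """Read a live process's map (Linux only) and return the suspicious regions."""
    with open(f"/proc/{pid}/maps", encoding="utf-8") as fh:
        return find_unbacked_executable(parse_maps(fh.read()))


# Constructed sample: an ordinary daemon plus two regions a memory-only implant
# would leave behind (an anonymous rwx blob and a memfd-backed executable).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1048600 /usr/bin/sshd
0060a000-0060b000 rw-p 0000a000 08:01 1048600 /usr/bin/sshd
01a2c000-01a4d000 rw-p 00000000 00:00 0 [heap]
7f3c9c000000-7f3c9c021000 rwxp 00000000 00:00 0
7f3c9d2a0000-7f3c9d45c000 r-xp 00000000 08:01 393742 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c9d700000-7f3c9d702000 r-xp 00000000 00:00 0 [vdso]
7f3c9e000000-7f3c9e010000 r-xp 00000000 00:05 22 /memfd:payload (deleted)
7ffd2e3f0000-7ffd2e411000 rw-p 00000000 00:00 0 [stack]
"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = scan_pid(int(sys.argv[1]))
    else:
        hits = find_unbacked_executable(parse_maps(SAMPLE_MAPS))
    for r in hits:
        print(f"{r.start:#x}-{r.end:#x} {r.perms} {r.size:>8} bytes {r.path or '<anonymous>'}")
```

Running the script without arguments reports the two constructed regions; with a PID it inspects a live Linux process. Anonymous executable regions are not proof of compromise (JIT compilers create them routinely), so a practitioner would compare the hits against a baseline for that process name before escalating.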
The Russian company linked the recent espionage attempt to the group behind the 2011 Duqu attacks, which were concentrated on targets in India, Ukraine, France, and Iran. The key connection is that both attacks came in through Microsoft software. In 2011 the attackers exploited a flaw in Microsoft Word; this time they spread their malware through the installation packages that IT staff commonly use to deploy Microsoft programs to company computers.
Costin Raiu, director of Kaspersky’s research and analysis team, said that the cost of such a thoroughly original intrusion must have been extremely high. Raiu also believes that the malware, which he dubbed Duqu 2.0, was used against other targets besides Kaspersky. He said the common denominator among the targeted organizations is that they were responsible for securing communications between Iran and the West about the nuclear program.
Mikko Hypponen, chief research officer at rival security firm F-Secure, reviewed the incident and concluded that the attack is a credible threat. He said that the new and improved Duqu 2.0 malware is the biggest news to come out of cybersecurity this year. He noted that while the techniques employed were new, the strategy of breaching a security vendor to reach its customers has been used a number of times in the past, most notably four years ago when a U.S. defense contractor was targeted by way of RSA’s compromised technology.
Kaspersky is confident that the information and data of its clients and business partners are secure and were not touched by the malware. The company’s researchers tracked Duqu 2.0’s activity and discovered it had been active in several hotels where Iranian officials met to discuss the nuclear program.
Duqu 2.0 is classified as an advanced persistent threat, or APT. An APT such as the original Duqu is crafted by highly skilled operators, typically runs covertly for long periods, and has the potential to do enormous harm. While Israel has not been officially named as a suspect in this case, the original Duqu malware shared code with the Stuxnet worm, which is widely believed to have been a joint U.S. and Israeli operation.
Unofficially, however, many fingers are pointing at Israel. It is no secret that Israel opposes the nuclear negotiations. Back in March, Washington openly accused Israel of spying on the nuclear talks. Kaspersky’s revelation that the venues where the P5+1 group met the Iranian government were targeted lends weight to that accusation, especially since Kaspersky clearly wants nothing more than to avoid seeing its systems hacked again.
By Matthew Austin Bowers
BBC News: Kaspersky Lab cybersecurity firm is hacked
International Business Times: Israeli-linked malware Duqu 2.0 ‘used to spy on Iran nuclear talks venues’
The Washington Post: Data-collecting spyware reportedly found at Iran nuclear talk venues
Photo Courtesy of Yuri Samoilov’s Flickr Page – Public Domain License