Kaspersky Lab has revealed details about a malware attack on its own corporate network, one that involves the Duqu worm that was used to spy on Iran’s nuclear power programme several years ago. The security company also noted that this Duqu 2.0 was active during the latest round of P5+1 talks that were held to prevent Iran from achieving the ability to build weapons of mass destruction.
The initial intrusion into Kaspersky’s system was noticed in early 2015, although the company did not say how long it suspected the malware had been active. Duqu 2.0 used several methods of attack that were unique and never seen before, which is how it managed to get past the security systems Kaspersky has in place. Like the original Duqu, this new version is much more advanced than almost any other malware in existence, which has led to suspicions that it is a state-sponsored attack.
While nothing was stolen in the attack, it appears that Duqu 2.0 was targeting Kaspersky’s R&D department and was looking for information about Kaspersky Lab’s Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network and Anti-APT solutions and services. Other administrative departments were left untouched, indicating that the attackers were looking for ways to make their methods even harder to discover.
Another victim of Duqu 2.0 was the venue of the P5+1 talks, where several world powers met to discuss Iran’s nuclear power plans. Interestingly, all the usual suspects that would have likely tried to spy on the meeting were already part of the group; these included the USA, UK, Russia, and China.
The fact that a security company that specialises in detecting and dealing with malware has become a target itself is a sobering thought. These companies will always be one step behind the attackers, and if Duqu 2.0 did manage to sneak any information out of Kaspersky, future attacks will be even harder to detect.