Kaspersky Lab yesterday announced that its internal networks were the victim of an advanced attack which attempted to steal information about its products and clients. According to the company’s blog post, the attack was complex and stealthy, exploiting several zero-day vulnerabilities.
“We’re quite confident that there’s a nation state behind it,” the blog post said. “We’ve called it Duqu 2.0.”
The name reflects its similarity to the “Duqu” malware found in 2011, which was used in attacks against Iran, India, France and Ukraine. Duqu was at the time linked to the Stuxnet malware, believed to have been created by US and Israeli spy agencies.
According to Kaspersky, the cost of developing and maintaining such a malicious framework is colossal. The attack appears advanced, using a number of tricks that make it difficult to detect and neutralise.
“We’ve found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz,” the blog post says.
“Though the internal investigation is still underway, we’re confident that the prevalence of this attack is much wider and has included more top ranking targets from various countries.”
The activity was exposed by the alpha version of Kaspersky’s Anti-APT solution, designed to tackle even the most sophisticated targeted attacks.
According to Tom’s Hardware, “The attack used three zero-day vulnerabilities for Microsoft’s software installers, which are used by many enterprise customers. Normally such zero-day vulnerabilities cost hundreds of thousands of dollars each on the black market.”
Kaspersky maintains that neither its products nor its services have been compromised, and that its customers are not at risk due to the breach.