A Russian cyber security firm says it has found a highly sophisticated, “almost invisible” cyber espionage tool that targeted the company’s own servers, as well as systems around the world, including some linked to the controversial Iranian nuclear negotiations.
The Moscow-based firm Kaspersky Labs announced today the discovery of the worm, dubbed Duqu 2.0, which the firm said it found this spring after the worm had been lurking inside its network for “months.”
“The attack was very complicated, extremely smart… [But] come on, it is stupid to attack a cyber-security organization,” Kaspersky founder and CEO Eugene Kaspersky told reporters in London. “Sooner or later, we’ll come across it anyway.”
When the company sought out other victims of the stealthy attack, Kaspersky said on its website that it discovered some of the “infections are linked to the P5+1 events and venues associated with negotiations with Iran about a nuclear deal.”
Eugene Kaspersky declined to elaborate further, beyond saying some affiliated “businesses and events” were affected by the attack and that it “doesn’t smell very good.”
The Wall Street Journal, which first reported on Duqu 2.0 today, said computer systems at three luxury European hotels where negotiations had been held were among the worm’s victims.
Eugene Kaspersky said the firm cannot say for certain who is behind the attack, but he believes that, given its sophistication and its technical links to previous next-generation computer worms, a nation-state is the likely culprit.
The worm was named Duqu 2.0 because Kaspersky said it appeared to be an upgraded version of the Duqu worm, another highly sophisticated espionage tool discovered in 2011.
“We cannot prove attribution because they’re going via proxy servers,” Kaspersky said of Duqu 2.0. “There are technical attributions we can read from the code. This attack is a relative, it is a new generation of the Duqu attack, most likely created by the very same people, or they shared the source code with others.”
A major American cyber security firm, Symantec, agreed that Duqu 2.0 “is an evolution of the original threat, designed by the same group of attackers.”
Symantec also reported that Duqu 2.0 appears to have targeted European and North African telecom operators and a South East Asian electronic equipment manufacturer. Symantec had reported in 2012 that the Duqu threat had not abated and that a new version of the worm had been discovered at that time.
By sharing code with Duqu, Duqu 2.0 is also directly linked to Stuxnet, a revolutionary cyber-weapon that is believed to have physically damaged an Iranian nuclear facility and that was suspected of being the product of a joint U.S.-Israeli top secret operation.
When the original Duqu was discovered in 2011, Symantec reported that it “shares a great deal of code with Stuxnet,” and the same suspicions were raised about whether the attackers were the same or whether source code had been shared.
In its report today, the Wall Street Journal said Duqu 2.0 was “widely believed to be used by Israeli spies.”
But the Duqu 2.0 code also included a number of what Kaspersky Labs called “false flag” clues as to who was behind it. One was a mention in the code of a nickname for a Chinese military officer who was one of five indicted by the U.S. in an unprecedented move by the Department of Justice against Chinese cyber espionage. Another pointed to a prolific Romanian hacker, Kaspersky reported.
“Nevertheless, such false flags are relatively easy to spot, especially when the attacker is very careful not to make any other mistakes,” Kaspersky wrote.