Kaspersky Lab investigates hacker attack on its own network

June 10, 2015  (c)   Kaspersky Lab

Kaspersky Lab investigates hacker attack on its own network

The bad news

The bad news is that we discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it. We’ve called it Duqu 2.0. Why Duqu 2.0 and what it has in common with the original Duqu?

The good news – pt. 1: We uncovered it

The first bit of good news is that we found something really big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is ageneration ahead of anything we’d seen earlier – it uses a number of tricks that make it really difficult to detect and neutralize. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed; however, we did manage to detect it – with the alpha version of our Anti-APT solution, designed to tackle even the most sophisticated targeted attacks.

@kaspersky nails nation-state attack on its network. Products & services not compromised; no risks for customers

We’ve found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz. Though the internal investigation is still underway we’re confident that the prevalence of this attack is much wider and has included more top ranking targets from various countries. I also think it’s highly likely that after we detected Duqu 2.0 the people behind the attack wiped their presence on the infected networks to prevent exposure.

Duqu 2.0 spied on hi-profile targets, incl. dignitaries at Iran nuclear talks and Auschwitz anniversary – but that’s just tip of the iceberg

We, in turn, will use this attack to improve our defensive technologies. New knowledge is always helpful, and better threat intelligence assists us in developing better protection. And of course, we’ve already added the detection of Duqu 2.0 to our products. So, in fact, there’s not really much bad news here at all.

As mentioned, our investigation is still underway; it will require a few more weeks to get the whole picture in all its detail. However, we’ve already verified that the source code of our products is intact. We can confirm that our malware databases have not been affected, and that the attackers had no access to our customers’ data.

To read the rest of the article see  https://blog.kaspersky.com/kaspersky-statement-duqu-attack/

InCyber Comments:

The InCyber PAS Pro-Active and Predicting System has been proven 100% effective against Insider Threats. For additional information write to: info@incyber.co We are now offering a Free Insider Penetration Test for up to 500 Employees using your own historical data.