Security company Kaspersky infiltrated with government virus – update
The creators of the Duqu virus broke into Kaspersky's premises and infected the company's network with a new virus, according to the company itself. The makers of the software – possibly Israel or the US – reportedly also eavesdropped on talks between the West and Iran.
Kaspersky discovered the infection earlier this year, the company said in a report. The malware was reportedly not discovered until a few months after the initial infection. According to Kaspersky, this is a very sophisticated attack in which at least one, and possibly as many as three, zero-days were used. These are security vulnerabilities for which no patch is available yet.
Kaspersky – which claims that its customers are not at risk, although the company is unable to substantiate that claim – says that the same party that was behind the Duqu virus is probably behind this attack. The new virus has therefore been named Duqu 2.0. Security company Crysys, which discovered Duqu 1.0, also sees many similarities, including in the way the code was written and compiled.
“The software was virtually invisible and very difficult to discover,” said company president Eugene Kaspersky. “No traces in the registry, just a small program in memory.” According to Kaspersky, the software pretended to be an update program to spread across the network.
According to Kaspersky, the attackers were interested in the security company's research. It is unclear whether the attackers were able to steal sensitive data, but given that they were in Kaspersky's network for several months, it is likely.
The media have pointed to Israel as being responsible for the attack, but Kaspersky declined to confirm this. Israel is often blamed for the original Duqu virus; the country itself has never acknowledged this. The United States is also sometimes pointed to: Duqu shows great similarities with the Stuxnet virus, which was aimed at Iranian nuclear installations, and the United States is seen as responsible for that virus.
Kaspersky has found infections with the malware at a small number of its customers, most of them outside Europe. Because the virus was previously unknown, it had not been detected before. Hotels where the West is said to have conducted diplomatic negotiations with Iran are reported to have been hit by the virus, and the attackers reportedly had access to the entire ICT infrastructure there. Israel vehemently opposed those talks.
The attackers may also have used the virus to spy on the event marking the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camp. Why Israel or the United States would have wanted to spy on that event is unclear.
Update, 16:35: This article originally reported that 270,000 infections had been observed. However, that is the number of customers Kaspersky has, not the number of infections. The article has been amended accordingly.