Kaspersky servers infected by 'Duqu 2.0' malware

By on
Kaspersky servers infected by 'Duqu 2.0' malware

Hackers had access for 'several months' prior to detection.

Eugene Kaspersky, founder of Kaspersky Lab, today revealed his company's servers had been penetrated by a malware package which has been dubbed Duqu 2.0.

In early 2015, Kaspersky Lab detected a cyber-intrusion affecting several of its internal systems. An investigation led to the discovery of a new malware platform which it recognised as Duqu, described by the company as one of the most skilled, mysterious and powerful threat actors in the APT world.

The attack included unique and previously unseen features which left almost no traces, and Kaspersky believes the attackers were confident that they would not be discovered.

He estimated the attackers had access to the servers for several months before the intrusion was detected. Because it didn't leave any disk files nor change system settings, Kaspersky said the design of the attack is a generation ahead of anything seen in the APT world to date.

Kaspersky Lab was not the only victim, the company said, claiming it has been found in Western countries, the Middle East and Asia.

It has also been discovered on systems managing events and venues associated with the P5 + 1 negotiations with Iran regarding nuclear power and nuclear weapons.

The attacker behind Duqu 2.0 also appears to have attacked events and venues surrounding the 70th anniversary of the liberation of Auschwitz-Birkenau, attended by international politicians.

An audit of Kaspersky Lab systems is still ongoing, but initial findings indicate the motivation for the attack was to spy on its research and operations.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?