Duqu is back. The Russian computer security company Kaspersky Lab has revealed that it detected, in its own internal networks, a program related to the Duqu malware found in 2011. The new malware, dubbed “Duqu 2.0”, is described by the anti-virus vendor as the “most advanced in its category”. While Kaspersky is careful not to name a culprit, it believes that only a nation state is capable of designing such software, the cost of which it estimates at around $50 million.
According to Kaspersky, the people behind Duqu 2.0 were fully confident that it would be impossible to have their clandestine activity exposed; nevertheless, Kaspersky did manage to detect it, using the alpha version of its Anti-APT solution, which is designed to tackle even the most sophisticated targeted attacks. The thinking behind the malware is a generation ahead of anything Kaspersky had seen before: it uses a number of tricks that make it very difficult to detect and neutralize. Kaspersky states that its customers have nothing to fear from a security point of view, because the attack had no impact on Kaspersky products and services.
Purpose of the Attack …
The attackers were interested in learning about Kaspersky’s technologies, particularly:
- Secure Operating System,
- Kaspersky Fraud Prevention,
- Kaspersky Security Network,
- Anti-APT solution and services.
The attackers also wanted to find out about Kaspersky’s ongoing investigations and to learn about its detection methods and analysis capabilities. Since Kaspersky is well known for successfully fighting sophisticated threats, they sought this information in order to stay under its radar. According to Kaspersky, the attackers have now lost a very expensive, technologically advanced framework that they had been developing for years.
Who is behind the Attack? …
Kaspersky has found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and attendees of the event marking the 70th anniversary of the liberation of Auschwitz. Kaspersky is confident that the reach of this attack is much wider and has included more top-ranking targets in various countries. The upside for Kaspersky is that its analysis of the attack will be used to improve its defensive technologies. Eugene Kaspersky has confirmed that the company’s malware databases were not affected and that the attackers had no access to customers’ data.
Kaspersky does not attribute attacks; it says it is a security company and does not want to get involved in politics. However, it considers governments attacking IT security companies to be simply outrageous: governments and companies are supposed to be on the same side, as responsible actors sharing the common goal of a safe and secure cyberworld. If various murky groups, often government-linked, treat the Internet as a Wild West with no rules and run amok with impunity, they will put the sustainable global progress of information technology at serious risk. Kaspersky has once again called on all responsible governments to come together and agree on such rules, and to fight cybercrime and malware rather than sponsor and promote it.
Several clues point to Israel’s responsibility …
Although Israel denies any involvement, several indicators suggest that it took part in the design of Duqu 2.0. First, the original Duqu, dating from 2011, is itself a derivative of Stuxnet. Stuxnet was developed by the United States in cooperation with Israel to attack Iran’s nuclear program, in particular its centrifuges, in an attempt to slow the efforts of Tehran, which was suspected of wanting to develop nuclear weapons.
In March, US officials claimed that Israel had spied on the 2014 talks between the P5+1 and Iran, according to the Wall Street Journal. Israel has denied spying on the negotiations over the Iranian nuclear issue: “International reports about Israel’s involvement in this affair are baseless,” Israeli officials said. Austria and Switzerland, for their part, had already opened investigations before Kaspersky’s public revelations.
Why Duqu 2.0? It exploits three zero-day vulnerabilities …
Duqu is a sophisticated malware platform discovered by CrySyS Lab and investigated by Kaspersky Lab in 2011. Its main purpose was to act as a backdoor into the system and to facilitate the theft of private information. In 2011 Duqu was detected in Hungary, Austria, Indonesia, the UK, Sudan and Iran. There are clues that Duqu was used to spy on the Iranian nuclear program and also to compromise certificate authorities in order to hijack digital certificates. These certificates were then used to sign malicious files so that they would evade security solutions; a valid code signature on its own is therefore not proof that a file is legitimate.
Both discreet and versatile, Duqu 2.0 is composed of numerous modules that enable it to collect a variety of information; it can, for example, operate the microphones in hotel lifts that have them. The malware exploits no fewer than three zero-day vulnerabilities, that is, flaws that were unknown and unpatched at the time, in this case in the Microsoft Windows operating system.
Source: Kaspersky Lab