Slashdot Mirror


Kaspersky Lab Reveals Cyberattack On Its Corporate Network

An anonymous reader writes: Kaspersky Lab has revealed that it was recently subject to a major cyberattack. The company launched an investigation, which led to the discovery of a new malware platform from Duqu. Kaspersky has revealed that the attack exploited zero-day vulnerabilities and the malware has spread in the network through MSI (Microsoft Software Installer) files. "The attack is extremely sophisticated, and this is a new generation of what is most likely state-sponsored malware," Kaspersky said during the press conference. "It's a kind of a mix of Alien, Terminator and Predator, in terms of Hollywood."

2 of 73 comments

  1. Kaspersky's 46-page report on incident by VikingThunder · Score: 5, Informative

    FYI: Here is the link to Kaspersky's report of the incident: https://securelist.com/files/2...

    1. Re:Kaspersky's 46-page report on incident by plover · Score: 4, Informative

      Have Kaspersky considered running their business off of bootable CDs?

      Read further down in the Fine Report, and you'll see why that strategy probably wouldn't have helped much. After the initial installation, the Command and Control network ran almost exclusively in RAM on Kaspersky's servers; the executable files were deleted to leave as few detectable traces as possible. Of course that meant the malware would be lost during a server reboot, so it depended on the actions of the other nearby servers that would eventually detect the rebooted server was uninfected, and would then re-infect it. And just in case Kaspersky's admins rebooted all servers simultaneously, wiping out the entire C&C system, they left a back door open in the form of a few unimportant PCs infected with persistent malware that would simply launch reverse tunneling proxies at startup. The attackers would have been able to reenter the network without needing to phish them again.

      --
      John
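An added defensive check, written for this page and not taken from the article, Kaspersky's report or the comment above: the comment notes that the implant deleted its executables after loading so that little remained on disk. On Linux a process whose binary has been unlinked still betrays itself, because `/proc/<pid>/exe` resolves to a path ending in ` (deleted)`; the process table below is constructed, the paths in it are hypothetical, and Windows hosts (as in the attack described) would need the equivalent in-memory module checks instead.

```python
"""Flag running processes whose on-disk executable has been unlinked."""
import os
from typing import Dict, List, Tuple

# Constructed sample: pid -> what readlink(/proc/<pid>/exe) reports.
# Paths are hypothetical; the two under /tmp and /dev/shm model an
# implant that deleted its own binary after starting.
SAMPLE_EXE_LINKS: Dict[int, str] = {
    1: "/usr/lib/systemd/systemd",
    812: "/usr/sbin/sshd",
    1377: "/usr/bin/python3.11 (deleted)",  # binary replaced by a package upgrade
    2048: "/tmp/.x/agent (deleted)",         # unlinked binary in a scratch dir
    2049: "/dev/shm/loader (deleted)",       # unlinked binary in tmpfs
}

# Directories where a deleted-but-running binary deserves immediate attention.
WORLD_WRITABLE_HINTS = ("/tmp/", "/dev/shm/", "/var/tmp/")


def find_deleted_executables(exe_links: Dict[int, str]) -> List[Tuple[int, str, str]]:
    """Return (pid, original path, severity) for every unlinked executable."""
    findings = []
    for pid, target in sorted(exe_links.items()):
        if not target.endswith(" (deleted)"):
            continue
        path = target[: -len(" (deleted)")]
        # A package upgrade also leaves ' (deleted)' behind for long-running
        # daemons, so rank by where the binary lived rather than alerting on all.
        severity = "high" if path.startswith(WORLD_WRITABLE_HINTS) else "review"
        findings.append((pid, path, severity))
    return findings


def snapshot_proc() -> Dict[int, str]:
    """Collect live exe links from /proc (Linux only); unreadable entries are skipped."""
    links: Dict[int, str] = {}
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            links[int(name)] = os.readlink(f"/proc/{name}/exe")
        except OSError:  # kernel threads, exited processes, or insufficient privilege
            continue
    return links


if __name__ == "__main__":
    table = snapshot_proc() if os.path.isdir("/proc") else SAMPLE_EXE_LINKS
    for pid, path, sev in find_deleted_executables(table):
        print(f"pid {pid}: {path} [{sev}]")
```

Run as root to see every process; the "review" class is usually explained by a recent upgrade, while a "high" hit with no matching file on disk is worth memory acquisition before the host is rebooted, since, as the comment explains, a reboot loses the evidence.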