Slashdot Mirror


Kaspersky Lab Reveals Cyberattack On Its Corporate Network

An anonymous reader writes: Kaspersky Lab has revealed that it was recently subject to a major cyberattack. The company launched an investigation, which led to the discovery of a new malware platform from Duqu. Kaspersky has revealed that the attack exploited zero-day vulnerabilities and that the malware spread through the network via MSI (Microsoft Software Installer) files. "The attack is extremely sophisticated, and this is a new generation of what is most likely state-sponsored malware," Kaspersky said during the press conference. "It's a kind of a mix of Alien, Terminator and Predator, in terms of Hollywood."

5 of 73 comments

  1. What was the goal ? by eulernet · · Score: 5, Interesting

    Why did the attacker sacrifice such a nice tool? And to obtain what kind of information?

    My hypothesis is that the attackers wanted to retrieve all source code from Kaspersky Labs, in order to prepare future attacks.
    I have no doubt that they have the resources to analyze the source code and find some ways to evade Kaspersky's detection.
    The most wanted target was probably Kaspersky's internal tools, which are not in the final product, like virus analyzers, detection algorithms, and also how they build their virus signatures.

    It's probable that the attackers also wanted to confirm the ties between Kaspersky and the Russian government.

    1. Re:What was the goal ? by timrod · · Score: 4, Interesting

      Kaspersky themselves said that the Duqu authors were probably using them as a "utility target" to gain more access to their main target, which is believed to be anyone involved in the negotiations over Iran's nuclear program. The people from Kaspersky posited the idea that Duqu has no value to the people who wrote it - likely because by the time they attacked Kaspersky, they had already infected the people they were really after and could safely throw it away. It could also be that they purposely attacked Kaspersky for two reasons: to gain information on their detection methods and find ways around them, but also to ensure that no one else gets infected (thus avoiding a possible scandal for a state actor behind the attacks if people unrelated to their targets get hit).

      I'm with the camp that thinks Israel is behind it. It only makes sense, given their involvement with Stuxnet and their high level of interest in Iran's nuclear program, plus the connection with the Auschwitz liberation date.

  2. Payback for Outing NSA Spyware? by Maltheus · · Score: 4, Interesting

    Coming so soon after revealing the NSA spyware in the firmware of hard drive manufacturers, care to wager any guesses over which out-of-control state sponsored this attack?

    1. Re:Payback for Outing NSA Spyware? by IamTheRealMike · · Score: 3, Interesting

      I thought that at first too. But if you read the reports more closely it strongly suggests this is Israeli intelligence, not NSA.

      One strong indicator of this is that Kaspersky already found and analysed the current-gen NSA malware platform. They call the NSA the "Equation Group", and the things linking it to the NSA are extremely strong, to the extent that known NSA codenames are found in the binaries. However, they also say that they found at least one victim that was hacked by the NSA and "Duqu 2" simultaneously. It wouldn't really make sense for the NSA to have two entirely duplicative/redundant malware development projects over such a long period of time.

      Additionally, various other things suggest Israeli intelligence, like timestamps and working hours indicative of Israel and the fact that one of the victims was linked to some anniversary of the liberation of Auschwitz.

  3. This one has NSA's fingerprint all over it by Taco+Cowboy · · Score: 1, Interesting

    "I'm with the camp that thinks Israel is behind it. It only makes sense, given their involvement with Stuxnet and their high level of interest in Iran's nuclear program, plus the connection with the Auschwitz liberation date."

    I beg to differ.

    My train of thought for this case runs more along the false flag rule: if Israel really wanted to carry it out, wouldn't it at least try to avoid identifying itself?

    The fact that the attack was launched with the Auschwitz liberation date in mind tells us that someone else is behind the scheme --- as the Auschwitz liberation date has a permalink to Israel, anyone who wants to frame Israel can do nothing less than link an attack to that particular date.

    And apparently it works --- reading the comments here tells us that those who aren't equipped with critical thinking skills will automatically associate the attack with Israel.

    I am no friend of Israel, but I do reckon that the Jews are way more clever than that --- if indeed it was Israel that is behind this attack, then they would do it in a way that, at the very least, leaves enough clues to lead to some other players rather than Israel.

    The fact that Stuxnet / Duqu was co-developed by Israel and the NSA, and that this current deployment uses a technique they once deployed back in 2011, indicates to me that the NSA is behind it.

    It is legitimate to ask why the NSA wants to mess with systems belonging to the P5+1, who are connected to the Iran nuclear deal, and the answer is no more than who is currently in charge in the White House.

    The way Obama is behaving, and has been behaving the past 5+ years in the White House, tells us that he is a controlling type, that he needs to know everything about everybody.

    From the NSA spying on the Americans to blaming his favorite bogeyman - China - for the leak of the background info of 4 million American civil servants, even when he didn't have an iota of evidence, we know full well the one true thing that motivates Obama --- to have total control, and to manipulate the sentiments of the people so that they will give him full support for whatever he wants to do.

    You guys are on /. --- by the self-selection prophecy you guys are supposed to be better than the rest of the populace, so, please, it's time to equip yourselves with much better thinking skills.

    In a world where leaders such as Obama are so skilled in manipulating populace sentiments, we must ensure that we ourselves are not being manipulated.

    --
    Muchas Gracias, Señor Edward Snowden !