Slashdot Mirror
Kaspersky Lab Reveals Cyberattack On Its Corporate Network
An anonymous reader writes: Kaspersky Lab has revealed that it was recently subject to a major cyberattack. The company launched an investigation, which led to the discovery of a new malware platform from Duqu. Kaspersky has revealed that the attack exploited zero-day vulnerabilities and the malware has spread in the network through MSI (Microsoft Software Installer) files. "The attack is extremely sophisticated, and this is a new generation of what is most likely state-sponsored malware," Kaspersky said during the press conference. "It's a kind of a mix of Alien, Terminator and Predator, in terms of Hollywood."
Kasperski must characterize the malware as ultra-advanced, targeted, government hacking. Otherwise they look like fools for being penetrated.
I'm not saying they are lying; I'm saying there is no way to tell, because their success as a company depends on them assuring everyone that they can competently defend against ordinary malware.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
FYI: Here is the link to Kapersky's report of the incident: https://securelist.com/files/2...
Why did the attacker sacrificed such a nice tool ? And to obtain what kind of information ?
My hypothesis is that the attackers wanted to retrieve all source code from Kaspersky Labs, in order to prepare future attacks.
I have no doubt that they have the resources to analyze the source code and find some ways to evade Kaspersky's detection.
The most wanted target was probably Kaspersky's internal tools, which are not in the final product, like virus analyzers, detection algorithms, and also how they build their virus signatures.
It's probable that the attackers also wanted to confirm the ties between Kaspersky and the Russian government.