Kaspersky's Internal Networks Targeted by Malware Duqu 2.0

By CIOReview | Friday, June 12, 2015

FREMONT, CA: Kaspersky Lab has detected a cyber-intrusion affecting several of its internal systems. An intensive investigation led to the discovery of Duqu 2.0, a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities. The primary goal of the attack was to acquire information on the company’s newest technologies.

Kaspersky Lab alleges that the attackers were especially interested in the details of product innovations, including Kaspersky Lab’s Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network and Anti-APT solutions and services, as reported by CBR.

The malware spreads through the network via MSI (Microsoft Software Installer) files, which are commonly used by system administrators to deploy software on remote Windows computers. The malicious program used an advanced method to hide its presence in the system: the code of Duqu 2.0 exists only in the computer’s memory and tries to delete all traces on the hard drive.

“They were not interested in our customer. The attackers were doing reconnaissance and research, hoping to find out more about Kaspersky’s security technology or how it found or analyzed malware. They were not only stupid, but greedy,” said Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, at a press conference, as reported by Gregg Keizer of Computerworld.

The Lab is confident that its clients and partners are safe and that there is no impact on the company’s products, technologies and services.