Kaspersky: We Were Hacked by Same Country Behind Duqu

You’d think security companies, with all their expertise, would be immune to intrusion. Think again. Last week security vendor Kaspersky Lab said the company had been hacked in early spring by what it believed was a country-sponsored effort—the same one behind 2011’s Duqu malware.

The company outlined details of the intrusion, which it said affected several of its internal systems, on its website. It has since fixed the vulnerability that allowed the attack.

“We immediately launched an intensive investigation, which led to the discovery of a carefully planned cyber-espionage attack carried out by the same group that was behind the infamous 2011 Duqu APT (advanced persistent threat),” according to Kaspersky. “We believe this is a nation-state sponsored campaign.”

If you don’t remember Duqu, Kaspersky provided a memory jog in its post, explaining that Duqu is a sophisticated malware platform discovered by CrySyS Lab that the company itself investigated in 2011. The main purpose of Duqu was to act as a backdoor into the system, allowing for the removal of private information.

Back in 2011, Duqu was found in Hungary, Austria, Indonesia, the United Kingdom, Sudan and Iran, with hints that the malware was used to spy on Iran’s nuclear program. It also was used to compromise certificate authorities to hijack digital certificates used to sign malicious files to evade security solutions, the company said.

The attack on Kaspersky was not the first, but it does show how even security companies, whose core business is to protect customers against such intrusion, are still at risk from security threats that are becoming increasingly sophisticated.

Upon audit and analysis, Kaspersky said the goal of last spring’s attack was solely to spy on the company and steal intellectual property, including technologies, research and internal processes.

How Kaspersky defends against APTs was especially of interest to the hackers, the company said.

“The attackers were interested in Kaspersky Lab’s intellectual property and proprietary technologies used for discovering and analyzing APTs, and the data on current investigations into advanced targeted attacks; they were especially interested in our product innovations, including Kaspersky Lab’s Secure Operating System, Kaspersky Security Network, Kaspersky Fraud Prevention and Anti-APT solutions,” according to Kaspersky.

None of Kaspersky’s other processes or systems were affected, and “the information accessed by the attackers is in no way critical to the operation of the company’s products,” Kaspersky assured its customers.

The company said it plans to use information it gleaned from the attack to improve its own IT security products and solutions.

About the Author

Elizabeth Montalbano

Elizabeth Montalbano is a freelance writer who has written about technology and culture for more than 15 years. She has lived and worked as a professional journalist in Phoenix, San Francisco, and New York City. In her free time she enjoys surfing, traveling, music, yoga, and cooking. She currently resides in a small village on the southwest coast of Portugal.
