Duqu Malware Attack on Kaspersky Lab Corp
Kaspersky Lab announced this week a successful malicious attack against its corporate network. The attack was first discovered in the spring of 2015. The report disclosed that cyber criminals used Duqu 2.0 malware to infect companies across several locations in Western, Middle Eastern and even Asian countries, so that it spread widely across cyberspace.
Duqu was first discovered 4 years ago in several countries, and the investigation showed that the malware was created to attack and spy on Iran’s nuclear program. In the past, the malware was observed several times with new samples and formats to hide its presence, and it exploited several zero-days in industrial and Windows operating systems.
The good news is that Kaspersky published a blog post informing users that the attack has not affected customers, and that after analyzing and reverse engineering the malware the company improved the security technology it uses to identify any new malicious threat targeting the company.
The technical details of the Duqu malware attack on Kaspersky were given as follows: “The attack exploited zero-day vulnerabilities and after elevating privileges to domain administrator, the malware spread in the network through MSI files which are commonly used by system administrators to deploy software on remote Windows computers. The cyberattack didn’t create or modify any disk files or system settings, making detection almost impossible. The philosophy and way of thinking of the ‘Duqu 2.0’ group is a generation ahead of anything seen in the APT world. But thanks to our technologies and top class researchers, we caught them.”
Kaspersky, for its part, started an internal investigation to identify who is behind this malicious attack. A full report describing the situation is now available online: http://media.kaspersky.com/en/Duqu-2-0-Frequently-Asked-Questions.pdf