Kaspersky Lab investigates hacker attack on its own network
In light of the recent attack on Kaspersky Lab, kaspersky issued the following statement:
The bad news is that we discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we're quite confident that there's a nation state behind it. We've called it Duqu 2.0.
The first bit of good news is that we found something really big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generation ahead of anything we'd seen earlier – it uses a number of tricks that make it really difficult to detect and neutralize. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed; however, we did manage to detect it – with the alpha version of our Anti-APT solution, designed to tackle even the most sophisticated targeted attacks. Most importantly, neither our products nor services have been compromised, so our customers face no risks whatsoever due to the breach.
We've found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran's nuclear program and in the 70th anniversary event of the liberation of Auschwitz. Though the internal investigation is still underway we're confident that the prevalence of this attack is much wider and has included more top ranking targets from various countries. I also think it's highly likely that after we detected Duqu 2.0 the people behind the attack wiped their presence on the infected networks to prevent exposure.
We've found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran's nuclear program and in the 70th anniversary event of the liberation of Auschwitz. Though the internal investigation is still underway we're confident that the prevalence of this attack is much wider and has included more top ranking targets from various countries. I also think it's highly likely that after we detected Duqu 2.0 the people behind the attack wiped their presence on the infected networks to prevent exposure.
Comments