An expensive and highly sophisticated attack on Moscow-based Kaspersky Lab has been attributed to state-backed hackers.
On Wednesday the security firm Kaspersky Lab announced that its own systems had been attacked, most probably by hackers backed by a nation state.
Reportedly, customer data is safe: the intruders did not reach user information, and their primary focus was Kaspersky's own intellectual property, research and internal systems. The company was compromised with a new version of the Duqu malware platform, which Kaspersky calls Duqu 2.0.
Duqu is a sophisticated malware platform discovered by CrySyS Lab and investigated by Kaspersky Lab in 2011. Its main purpose was to act as a backdoor into infected systems and facilitate the theft of confidential information. In 2011 Duqu was detected in Hungary, Austria, Indonesia, the UK, Sudan and Iran. There are indications that Duqu was used to spy on Iran's nuclear programme and to compromise certificate authorities in order to obtain digital certificates. Those certificates were then used to sign malicious files so that they would pass the checks of security products. The practical lesson is that a valid code signature only proves that the signer held the private key at the time of signing; it says nothing about whether the signed code is benign, so signature checks must be paired with other controls such as behavioural detection and timely revocation of stolen certificates.
The attack shows the level of expertise such attackers now possess, and that even the best-prepared and most trusted security firms can be compromised.
According to Kaspersky, the attackers were "a generation ahead of anything seen". Their method relied on "zero-day" vulnerabilities, that is, flaws in software that were unknown to the software's developers at the time, so no patch or detection signature existed for them.
Kaspersky has not named the country it believes attacked its systems, although in its previous reports on cyber espionage it has pointed to states including Israel and the United States.
Kaspersky posted a detailed analysis of the attack on its website. According to the firm, its investigation team found that venues that hosted the Iran nuclear talks were also attacked with the same malware, and identified other targets around the world.
The company suspects the involvement of a government because of the expense of developing the malware and of the infrastructure required to carry out such an extensive attack.