
Hackers Used ‘Stolen Foxconn certs’ to Hack Kaspersky Via Duqu 2.0 Malware

June 16th, 2015 Pushpa Mishra

‘Stolen Foxconn certs’ used for embedding Duqu 2.0 malware into Windows PC — The crafty super-sophisticated malware infiltrated Kaspersky Labs.

Reportedly, the Duqu 2.0 software was signed using legitimate digital certificates issued to Foxconn, the world’s leading Chinese electronics giant. The list of Foxconn’s customers includes Dell, Microsoft, Google, Apple, Sony and BlackBerry. This code-signing was disclosed by Kaspersky Labs researchers while studying the Duqu 2.0 infection.


Duqu 2.0 exploits around 3 zero-day vulnerabilities, which makes it highly sophisticated malware and most likely the product of an intelligence firm. Israel’s spies are among the prime suspects.

Duqu 2.0 stays in the computer’s memory without writing data to the disk. The malware is described as an evolved form of the previous Duqu worm, a cyber-espionage toolkit that was discovered in 2011 and associated with the infamous Stuxnet worm.

Foxconn-signed code was trusted by Windows because the Chinese goliath’s certificate was issued by VeriSign, a trusted root certificate authority. Therefore, the OS would happily run the 64-bit kernel-level Foxconn-signed Duqu 2.0 driver without setting off any alarms. This would allow the malware to spread and infect the entire machine.

Kaspersky Labs’ experts reckon that Duqu’s masterminds are able to snatch copies of the security keys for different code-signing certificates, using a new one in every attack on an organization.

The FoxConn certificate used in this sample was most probably stolen.

According to the Russian security company, the leaking of Foxconn’s certificate undermines the increasing use of digital certificates as a dependable tool for verifying computer code. Their whole point is to show that an executable was developed by the vendor that signed it and hasn’t been tampered with since.
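Because a stolen certificate still chains to a trusted root, a defender has to look at who signed a driver, not only whether the signature validates. The following is an added example, not code from Kaspersky or the original article: it lists the kernel drivers registered on a Windows host and flags those that are unsigned or whose valid signature comes from a publisher outside an expected baseline. The `$ExpectedPublishers` list and the helper function names are assumptions to adapt per host.

```powershell
# Publishers expected to sign kernel drivers on this host (assumed baseline;
# extend with the vendors of the hardware and security software you deploy).
$ExpectedPublishers = @('Microsoft Windows', 'Microsoft Corporation')

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver paths may carry an NT prefix or be relative to SystemRoot.
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

function Get-CertCommonName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # SimpleName is normally the subject's CN, i.e. the publisher name.
    $Certificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
}

$findings = foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
    if (-not $drv.PathName) { continue }
    $path = Resolve-DriverPath $drv.PathName
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $publisher = if ($sig.SignerCertificate) { Get-CertCommonName $sig.SignerCertificate } else { $null }

    # A 'Valid' status only means the chain and hash check out; a stolen
    # certificate passes that test, so the publisher is compared separately.
    $reason = if ($sig.Status -ne 'Valid') {
        "signature status: $($sig.Status)"
    } elseif ($ExpectedPublishers -notcontains $publisher) {
        'valid signature, unexpected publisher'
    } else { $null }

    if ($reason) {
        [pscustomobject]@{
            Driver     = $drv.Name
            State      = $drv.State
            Publisher  = $publisher
            Thumbprint = $sig.SignerCertificate.Thumbprint
            Reason     = $reason
            Path       = $path
        }
    }
}
$findings | Sort-Object Reason, Publisher | Format-Table -AutoSize
```

Entries flagged as "unexpected publisher" are review candidates rather than verdicts: a driver signed by a hardware vendor whose devices are not present on the machine deserves a closer look.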

Kaspersky Labs informed Foxconn and VeriSign of its findings before making them public in a blog post about the new twist in the Duqu 2.0 saga.

We previously reported that Duqu 2.0 malware was used to hack Kaspersky. The attack was highly sophisticated and Israeli spies are the suspects.

Via: Wired, http://www.wired.com/2015/06/foxconn-hack-kaspersky-duqu-2/

Source: SecureList, https://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
