It is difficult to admit to having been the target of computer espionage when you are one of the main players in the security field, and yet Kaspersky has announced that it discovered very sophisticated spyware on its own network.
The firm describes stealthy software that generates very little network traffic in order to stay under the radar and avoid triggering alarms; it moves from one workstation to another to contaminate an entire network over a long period, leaving no trace on the hosts it leaves behind.
Kaspersky specifies: "It does not create any file on the disk, and it does not modify the registry. The particularity of this malware is that it only runs in memory; it is an almost undetectable attack."
Once the malware was spotted, Kaspersky analyzed it and set out to track it on the web. This is where the software reveals its complexity. To infiltrate networks, it relied on three 0-day flaws (which Microsoft has since fixed). The software itself is complete and has around a hundred different plugins focused on network data collection, password theft, remote control, file search, and more.
Kaspersky thus indicates that "This malware could cost ten million dollars and mobilize a team of engineers for its development and support." In short, it is not software created by a hacker group, but a spy tool funded by a state.
The software's source code partially reproduces that of Duqu, a spyware known since 2011 and a cousin of the well-known Stuxnet. This discovery has one implication: according to Kaspersky, this new version of Duqu could not have been produced without the assistance of the creators of the very first malware.
So far, Kaspersky has not communicated which data this Duqu 2.0 targeted on its infrastructure. According to the Wall Street Journal, the software is the work of the Israeli government, just like its predecessor.
Kaspersky has spotted other attacks by this spyware on three luxury hotels in Switzerland that hosted the "P5+1" negotiations on the Iranian nuclear program, a sensitive subject for Israel. Other attacks have also been identified in the West as well as in Asia and the Middle East.
The company regrets seeing governments embark on this cyber-espionage race, mainly because such advanced software eventually falls into the hands of cybercriminals.