“Don’t hack me! That’s a bad idea,” Says Eugene Kaspersky to APT Groups


Jack
Earlier today, the boss of Kaspersky Labs appeared in a cheerful mood at a press conference in London, called to offer clarifications on the cyber attack at a company office from one of the most mysterious advanced persistent threat (APT) groups identified to date.

Eugene Kaspersky did not offer details about who was behind the attack and was evasive on providing an accurate time frame for the compromise, but was quick to point out the sophistication of the platform used, a second-generation Duqu that emerged in 2014 after an absence of about two years.

Duqu 2 was like a ninja on Kaspersky's systems
He said that the malware and tactics used by the APT allowed it to be almost invisible on the network for a significant period, comparing its actions and the prowess of the threat actor to a mix of Alien, Terminator and Predator in the movie world.

The components of Duqu 2 were found on the internal network of an APAC office of the security company in spring, but Eugene Kaspersky said that it went undetected for a long time, a few months.

It would have probably spent even more time on the infrastructure collecting information on the security experts’ malware research approach (collection and manual analysis) and technologies used by the company, but its activity was revealed during an internal security audit of the systems.

The reason for flying under the radar this long is that it does not leave any trace on the compromised machine, all malicious modules running in memory. A simple reboot, also recommended by Kaspersky to make sure that Duqu 2 is not on the network, would remove the infection, but only if the entire network is powered off.

Apart from lodging itself in RAM, the malware does not generate much traffic, which would have alerted Kaspersky’s anti-APT systems to suspicious activity; it also pretends to be the system administrator, a tactic that also prevents detection.

Getting on the network in the first place was most likely done via spear-phishing, and then multiple vulnerabilities (zero-days at the time the attack was discovered, one patched on Tuesday) were exploited to elevate privileges and spread across the infrastructure.

State-sponsored attacks drive the advances in cybercrime, too
It is believed that Duqu 2 is the result of a state-sponsored operation that targets high profile companies in the west, Asia, Middle-East and Russia, whose costs are estimated by Kaspersky to start at the $10 / €8.8 million mark.

In a report from Symantec on Wednesday, victims have been identified in Sweden, India, Hong Kong, USA, UK as well as North Africa.

As far as attribution is concerned Eugene Kaspersky said that researchers can draw a conclusion only based on the source code of the malware, the command and control servers used and the movement on the network. No specific government was named during the press conference.

However, he talked about the future implications of such an attack against a security company, saying that it also pushes cybercrime to new standards. State-sponsored cyber incidents educate the “bad guys” (referring to cybercriminals that are in the game for the money), and traditional crime is also nudged towards cyber tools, bringing everything closer to cyber terrorism.

Read more: http://news.softpedia.com/news/Don-...s-Eugene-Kaspersky-to-APT-Groups-483950.shtml
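The article's point about Duqu 2 living only in RAM, with nothing written to disk, is the reason an antivirus that scans files finds nothing. One host-level check defenders use against that class of threat is to look for executable memory regions that no file on disk backs. The following is an added example written for this thread, not code from the article, from Softpedia or from Kaspersky: it parses the Linux /proc/<pid>/maps layout and flags executable mappings that are anonymous, writable and executable at once, or backed by a deleted file. The sample maps text is constructed, and the "[anon:injected]" label is a made-up tag for illustration.

```python
"""Flag executable memory regions that have no file backing.

Added example (not from the original post): a check for code that
exists only in RAM, in the spirit of the in-memory residency the
article describes. Input is the Linux /proc/<pid>/maps format.
"""
import re
import sys
from typing import List, NamedTuple


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str   # e.g. "r-xp"
    path: str    # empty string for anonymous mappings


# Constructed sample of a maps file; the "[anon:injected]" tag is invented.
SAMPLE_MAPS = """\
55d4c0e00000-55d4c0e21000 r-xp 00000000 08:01 1311 /usr/bin/example
55d4c1020000-55d4c1041000 rw-p 00020000 08:01 1311 /usr/bin/example
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1c400000-7f3a1c41a000 r-xp 00000000 00:00 0
7f3a1c800000-7f3a1c81b000 rwxp 00000000 00:00 0 [anon:injected]
7f3a1d000000-7f3a1d1c3000 r-xp 00000000 08:01 7722 /usr/lib/libc.so.6 (deleted)
7ffd2e200000-7ffd2e221000 rw-p 00000000 00:00 0 [stack]
7ffd2e3f0000-7ffd2e3f2000 r-xp 00000000 00:00 0 [vdso]
"""

# address range, perms, offset, dev, inode, optional path
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

# Kernel-provided executable pseudo-mappings that are expected and benign.
KERNEL_PSEUDO = {"[vdso]", "[vsyscall]"}


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps-format text into Mapping records, skipping malformed lines."""
    result = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        result.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                              m["perms"], m["path"].strip()))
    return result


def suspicious_regions(maps: List[Mapping]) -> List[Mapping]:
    """Return executable regions with no file backing or with W+X permissions.

    Three conditions are flagged: anonymous executable memory (no path, or an
    "[anon..." tag), regions both writable and executable, and executable
    regions whose backing file has been deleted from disk.
    """
    hits = []
    for mp in maps:
        if "x" not in mp.perms or mp.path in KERNEL_PSEUDO:
            continue
        anonymous = mp.path == "" or mp.path.startswith("[anon")
        deleted = mp.path.endswith("(deleted)")
        write_exec = "w" in mp.perms
        if anonymous or deleted or write_exec:
            hits.append(mp)
    return hits


def scan_pid(pid: int) -> List[Mapping]:
    """Read a live process's maps file (Linux only) and return flagged regions."""
    with open(f"/proc/{pid}/maps", "r") as fh:
        return suspicious_regions(parse_maps(fh.read()))


if __name__ == "__main__":
    # With no argument, run over the constructed sample; otherwise scan a PID.
    if len(sys.argv) > 1:
        flagged = scan_pid(int(sys.argv[1]))
    else:
        flagged = suspicious_regions(parse_maps(SAMPLE_MAPS))
    for r in flagged:
        print(f"{r.start:#x}-{r.end:#x} {r.perms} {r.path or '<anonymous>'}")
```

On the constructed sample this flags three regions: the anonymous r-x mapping, the rwx mapping, and the executable mapping whose library was deleted underneath it. JIT runtimes (browsers, Java, .NET) legitimately create anonymous executable memory, so in practice the output is triage input to compare against a per-process baseline, not a verdict on its own.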

Tony Cole
True, all I can say is Israel has some talented IT experts. I can understand the Iran talks, as they leaked a lot of information, so the USA kicked them out, that's why, they want them/NSA to take the blame, as a kinda I got you back. Kaspersky states:

"To mitigate this threat, Kaspersky Lab is releasing Indicators of Compromise and would like to offer its assistance to all interested or affected organizations. Also, procedures for protection from Duqu 2.0 have been added to the company’s products."

Wow, I am protected, now if Israel goes after me then they won't succeed...