Cyber security firm Kaspersky Lab admitted yesterday it was hacked, saying it discovered an advanced attack on its internal networks.
Chairman and CEO Eugene Kaspersky describes the attack as complex and stealthy, and says it exploited several zero-day vulnerabilities, adding that the company is “quite confident” there is a nation state behind it. “We’ve called it Duqu 2.0,” Kaspersky writes in a blog post.
“The first bit of good news is that we found something really big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal.”
Kaspersky describes the thinking behind the attack as being “a generation ahead of anything we’d seen earlier – it uses a number of tricks that make it really difficult to detect and neutralise”.
“It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed; however, we did manage to detect it – with the alpha version of our Anti-APT solution, designed to tackle even the most sophisticated targeted attacks.”
He states that none of the company’s products or services were compromised, meaning customers are not at risk due to the breach. “The attackers were interested in learning about our technologies, particularly our Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network, Anti-APT solution, and services,” Kaspersky writes.
“The bad guys also wanted to find out about our ongoing investigations, and learn about our detection methods and analysis capabilities. Since we’re well known for successfully fighting sophisticated threats, they sought this information to try stay under our radar. No chance.”
Kaspersky notes the group behind the breach also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear programme and in the 70th anniversary event of the liberation of Auschwitz.
“We, in turn, will use this attack to improve our defensive technologies. New knowledge is always helpful, and better threat intelligence assists us in developing better protection. And of course, we’ve already added the detection of Duqu 2.0 to our products. So, in fact, there’s not really much bad news here at all,” Kaspersky writes.
While he would not speculate about who might be behind the attack, Kaspersky says governments attacking IT security companies is “simply outrageous”.
“We’re supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyber world. We share our knowledge to fight cyber crime and help investigations become more effective.
“There are many things we do together to make this cyber world a better place. But now we see some members of this ‘community’ paying no respect to laws, professional ethics or common sense,” he notes.