A Russiancyber security company says that it has discovered a highly-technical, “almost invisible” cyber espionage tool that targeted the company’s own servers and other systems around the world, including some linked to the controversial Iranian nuclear negotiations.
KasperskyLabs which is based in Moscow announced that the discovery of the worm, called Duqu 2.0, which the company said it found this spring after the worm had penetrated through its system for “months.”
Kaspersky claims that after discovering the worm, started its investigation to find out other victims of the attack and found that some of the “infections are linked to the P5+1 events and venues related to negotiations with Iranabout a nuclear deal.”
The Wall Street Journal was the first news agency to publish the news about Duqu 2.0. According to the Wall Street, computers at three luxury European hotels where negotiations had been held were among the worm’s victims.
Eugene Kaspersky said that the company cannot say definitely who is behind the attack, but he believes that due to its sophistication and technical links to previous next-generation computer worms, the attack is most possibly been carried out by a government.
Kaspersky said that the name of the Duqu 2.0 was chosen for this worm because it appeared to be an upgraded version of the Duquworm which was another highly-sophisticated espionage tool discovered in 2011.
Kaspersky said, We can’t prove attribution because they’re going through proxy servers. “There are technical attributions we can read from the code. This attack is a relative, it’s a new generation of the Duqu attack, most probably made by the same people, or they shared the source code with others.”
Symantec which is a large cyber security company in America agreed that Duqu 2.0 is a evolution of the original threat that was created by the same group of attackers.
Symantec also reported Duqu 2.0 appears to have targeted European and North African telecom operators and a South East Asian electronic equipment manufacturer. Symantec had reported in 2012 that the Duqu threat had not been eliminated and that a new version of the worm had been discovered then.
Duqu and Duqu 2.0 is closely linked to Stuxnet, which is a revolutionary cyber-weapon that was believed to have physically damaged an Iranian nuclear facility and that was suspected to be a result of the joint US-Israeli top secret operation’s.
When the original Duqu was discovered in 2011, Symantec reported that it “shares large number of codes with Stuxnet” and the same suspicions were raise about whether the attackers were the same or if source code had been shared.
Wall Street Journal in its report today said that Duqu 2.0 was “commonly believed to be used by Israeli spies.”
But according to Kaspersky Labs, Duqu 2.0 code also included a number of “false flag” clues to hide/mislead who was behind it. One was a mention in the code of a nickname for a Chinese military officer who was one of five indicted by the U.S. in an extraordinary move by the Department of Justice against Chinese cyber espionage. Another report mentioned a prolific Romanian hacker.
Kaspersky claims that such false flags are relatively easy to spot, especially when the attacker is very careful not to make any other mistakes,”