A Russian cyber security company says that it has discovered a highly technical, “almost invisible” cyber espionage tool that targeted the company’s own servers and other systems around the world, including some linked to the controversial Iranian nuclear negotiations.
Kaspersky Labs, which is based in Moscow, announced the discovery of the worm, called Duqu 2.0, which the company said it found this spring after the worm had penetrated its systems for “months.”
Kaspersky claims that after discovering the worm, it started an investigation to find other victims of the attack and found that some of the “infections are linked to the P5+1 events and venues related to negotiations with Iran about a nuclear deal.”
The Wall Street Journal was the first news agency to publish the news about Duqu 2.0. According to the Journal, computers at three luxury European hotels where negotiations had been held were among the worm’s victims.
Eugene Kaspersky said that the company cannot say definitively who is behind the attack, but he believes that, due to its sophistication and technical links to previous next-generation computer worms, the attack was most probably carried out by a government.
Kaspersky said that the name Duqu 2.0 was chosen for this worm because it appeared to be an upgraded version of the Duqu worm, another highly sophisticated espionage tool discovered in 2011.
Kaspersky said, “We can’t prove attribution because they’re going through proxy servers. There are technical attributions we can read from the code. This attack is a relative, it’s a new generation of the Duqu attack, most probably made by the same people, or they shared the source code with others.”
Symantec, a large American cyber security company, agreed that Duqu 2.0 is an evolution of the original threat and was created by the same group of attackers.
Symantec also reported that Duqu 2.0 appears to have targeted European and North African telecom operators and a South East Asian electronic equipment manufacturer. Symantec had reported in 2012 that the Duqu threat had not been eliminated and that a new version of the worm had been discovered then.
Duqu and Duqu 2.0 are closely linked to Stuxnet, a revolutionary cyber-weapon that is believed to have physically damaged an Iranian nuclear facility and that was suspected to be the result of a joint top-secret US-Israeli operation.
When the original Duqu was discovered in 2011, Symantec reported that it “shares a large amount of code with Stuxnet,” and the same suspicions were raised about whether the attackers were the same or whether source code had been shared.
The Wall Street Journal in its report today said that Duqu 2.0 was “commonly believed to be used by Israeli spies.”
But according to Kaspersky Labs, the Duqu 2.0 code also included a number of “false flag” clues intended to hide or mislead as to who was behind it. One was a mention in the code of a nickname for a Chinese military officer who was one of five indicted by the U.S. in an extraordinary move by the Department of Justice against Chinese cyber espionage. Another clue mentioned a prolific Romanian hacker.
Kaspersky claims that such false flags are relatively easy to spot, especially when the attacker is very careful not to make any other mistakes.