New malware "Duqu 2.0" intrudes into Kaspersky Lab's internal network


By Sergey Galyonkin

Kaspersky Lab, a security company known for its antivirus software "Kaspersky", discovered an intruder in its internal network. After conducting a large-scale investigation, it found that the intrusion was carried out by "Duqu 2.0", an evolved version of "Duqu", which is said to be related to "Stuxnet", the malware once used in a cyber attack on a nuclear reprocessing plant.

Kaspersky Lab confirmed cyber attack targeting companies and organizations in Europe, Middle East and Asia including the company | Kaspersky Lab
http://www.kaspersky.co.jp/about/news/virus/2015/vir10062015


The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns - Securelist
https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/


Kaspersky Lab cybersecurity firm is hacked - BBC News
http://www.bbc.com/news/technology-33083050

In 2010, the malware "Stuxnet", which exploited a Windows zero-day vulnerability and targeted Siemens control system databases, was discovered. The purpose of Stuxnet is said to have been to endanger the power grid in the US and send important details to a malicious attacker, and in fact it temporarily rendered the uranium centrifuges at Iran's nuclear reprocessing plant uncontrollable.

Like "Stuxnet", "Duqu" is malware that collects confidential data and materials from specific organizations and sends them out, with a view to future attacks. It was thought to be derived from Stuxnet and appeared around autumn 2011. However, its activity was thought to have ceased around 2012.

This time, Kaspersky Lab asserts that the intrusion into its internal network was an APT attack using "Duqu". Because it has evolved from the 2011 version, Kaspersky calls it "Duqu 2.0" and is drawing attention to it.

The attack by "Duqu 2.0" was carried out with careful planning by the same group that conducted the APT attack with "Duqu" in 2011, and the involvement of a specific state is suspected. At Kaspersky Lab, intellectual property information in the research and development department was targeted, while the sales, marketing, communication, and legal departments were not affected by the attack.

Currently, Microsoft has released patches for all of the zero-day vulnerabilities used in the attack, and Kaspersky products can detect the malware under the name "HEUR:Trojan.Win32.Duqu2.gen".

in Note, Posted by logc_nt