Beware – Duqu Has Returned, Kaspersky Reveals

One of the most damaging cyber-threats of recent years has resurfaced in what will be most unwelcome news for many security professionals.

Researchers at Kaspersky Labs have today announced the discovery of Duqu 2.0, an updated successor to 2012’s original Duqu, which attacked countries around the world and was thought to be linked to the Stuxnet worm.

The threat, which has been active for around a year, was detected running on Kaspersky’s own systems, as well as having attacked several major organisations around the globe, using up to three different zero-day exploits and Advanced Protection Threats (APTs).

It is thought to have infected systems related to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal, as well as launching a similar attack in relation to the 70th anniversary event of the liberation of Auschwitz-Birkenau.

‘Highly sophisicated’

“The people behind Duqu are one of the most skilled and powerful APT groups and they did everything possible to try to stay under the radar,” said Costin Raiu, director of Kaspersky Lab’s global research & analysis team.

“This highly sophisticated attack used up to three zero-day exploits, which is very impressive – the costs must have been very high. To stay hidden, the malware resides only in kernel memory, so anti-malware solutions might have problems detecting it. It also doesn’t directly connect to a command-and-control server to receive instructions. Instead, the attackers infect network gateways and firewalls by installing malicious drivers that proxy all traffic from the internal network to the attackers’ command and control servers.”

As for Kaspersky, it admitted it was attacked via, “a zero-day in the Windows Kernel, and possibly up to two other, currently patched vulnerabilities, which were zero-day at that time”.

Analysis of the attack revealed that the main goal of the attackers was to spy on Kaspersky Lab technologies, ongoing research and internal processes. No interference with processes or systems was detected, and the company has reassured its customers it is still able to detect and block threats.

“Spying on cybersecurity companies is a very dangerous tendency. Security software is the last frontier of protection for businesses and customers in the modern world, where hardware and network equipment can be compromised. Moreover, sooner or later technologies implemented in similar targeted attacks will be examined and utilised by terrorists and professional cybercriminals. And that is an extremely serious and possible scenario,” commented Eugene Kaspersky, CEO of Kaspersky Lab.

“Reporting such incidents is the only way to make the world more secure. This helps to improve the security design of enterprise infrastructure and sends a straightforward signal to developers of this malware: all illegal operations will be stopped and prosecuted. The only way to protect the world is to have law enforcement agencies and security companies fighting such attacks openly. We will always report attacks regardless of their origin.”

How well do you know Internet security? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

BNP Paribas Joins JP Morgan Blockchain Trading Network

French bank BNP Paribas becomes first European bank to join JP Morgan's blockchain-based Onyx Digital…

13 hours ago

SEC Held Off Elon Musk Enforcement ‘Due To Court Fears’

US securities regulators may have refrained from enforcement actions against Elon Musk due to discouraging…

14 hours ago

Snap Earnings Warning Triggers Tech Sell-Off

Investors spooked after Snap warns of deteriorating economic conditions, says earnings now 'below the low…

16 hours ago

Russian Operator Discounts Smartphones As Sanctions Bite

Biggest Russian mobile operator MTS begins selling discounted and second-hand smartphones as Russians hit by…

16 hours ago

Clearview AI Fined £7.5m Over Facial Recognition Data

UK Information Commissioner's Office orders controversial facial recognition firm Clearview AI to delete data it…

17 hours ago

Airbnb To Pull Out Of China Amidst ‘Pandemic Challenges’

Airbnb to pull out of China as ongoing zero-Covid policy places severe restrictions on domestic…

18 hours ago