Eugene Kaspersky responds to hack by ‘next generation’ threat actor

Eugene Kaspersky, founder of Kaspersky Lab, was in London Wednesday to announce that his company's servers had been hacked by a malware package which has been dubbed Duqu 2.0.

In early Spring 2015, Kaspersky Lab detected a cyber-intrusion affecting several of its internal systems. An investigation led to the discovery of a new malware platform which it recognised as Duqu, described by the company as one of the most skilled, mysterious and powerful threat actors in the APT world.

The attack included unique and previously unseen features which left almost no traces, and Kaspersky believes that the attackers were confident that they would not be discovered.

He estimates that the attackers had access to the servers for several months before the intrusion was detected. Because it didn't leave any disk files nor change system settings, Kaspersky says the design of the attack is a generation ahead of anything seen in the APT world to date.

Kaspersky Lab was not the only victim, the company said, saying that it has been found in Western countries, the Middle East and Asia.

On a geopolitical note, it has been discovered on systems related to events and venues associated with the P5 + 1 negotiations with Iran regarding nuclear power and nuclear weapons.

The attacker behind Duqu 2.0 also appears to have attacked events and venues around the 70th anniversary of the liberation of Auschwitz-Birkenau, attended by international politicians.

An audit of Kaspersky Lab systems is still ongoing, but initial findings indicate the motivation for the attack was to spy on its research and operations.

More coverage of this, plus an exclusive video interview with Eugene Kaspersky, will follow soon on this site.

This article originally appeared on SC Magazine UK.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.