Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Duqu cyberespionage group compromised venues hosting Iran nuclear negotiations

Lucian Constantin | June 11, 2015
A state-sponsored espionage group that uses a malware platform called Duqu has compromised the computer networks of several hotels and venues that hosted negotiations over Iran's nuclear program.

The techniques used by the Duqu 2.0 group are, according to the Kaspersky researchers, ahead of anything seen in the advanced persistent threat world.

Its level of sophistication surpasses even the Equation group, which until now has been considered the most sophisticated cyberespionage actor, the Kaspersky researchers said.

Unlike the Equation malware, which uses persistence mechanisms on infected systems, Duqu 2.0 was designed to run only in memory and disappears on reboot. This suggests that its authors know they can regain access to previously compromised systems and reinfect them.

"The Duqu 2.0 threat actor was confident enough to create and manage an entire cyberespionage operation just in memory — one that could survive within an entire network of compromised computers without relying on any persistence mechanism at all," the Kaspersky researchers wrote.

Most malware creators, including sophisticated ones like the Equation group, are consistent in their use of particular encryption algorithms. With Duqu 2.0, the encryption algorithms used vary from case to case, making it more difficult to establish relationships between infections.

Kaspersky Lab did not speculate on which country might be behind Duqu 2.0, but the Wall Street Journal reported that unnamed former U.S. government officials believe it's Israel.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.