Menu
Duqu spy group also targeted telecommunications companies

Duqu spy group also targeted telecommunications companies

Symantec found infections with Duqu 2.0 in the U.S., U.K., Sweden, India and Hong Kong

Big data

Big data

The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran.

On Wednesday, Moscow-based antivirus firm Kaspersky Lab, which has been deeply involved in exposing sophisticated cyberespionage campaigns over the past few years, revealed that it too fell victim to such an attack.

The company discovered in early spring that several of its internal systems were infected with a new version of Duqu, a sophisticated malware platform believed to be related to the Stuxnet worm used to sabotage Iran's nuclear enrichment centrifuges at Natanz.

Kaspersky reported that in addition to its own systems, it identified computers infected with Duqu 2.0 at hotels that hosted talks over the past year between the U.S., Germany, France, Russia, the U.K., China and Iran over the latter's nuclear program. The company also identified infections at a location associated with the 70th anniversary of the liberation of the Auschwitz concentration camp, which was commemorated on Jan. 27.

Now security firm Symantec has done its own analysis of Duqu 2.0, which unlike the first version, lives only in the memory of infected computers, without writing any files on disk. This makes it much harder for security products to to detect.

Symantec scanned its own global network and found Duqu 2.0 infections in the U.S., U.K., Sweden, India and Hong Kong, as well as on the systems of a European network operator, a North African network operator and an electronic equipment manufacturer from South East Asia. It didn't name the affected companies.

"Some organizations may not be the ultimate targets of the group's operations, but rather stepping stones towards the final target," the Symantec researchers said in a blog post. "The group's interest in telecoms operators could be related to attempts to monitor communications by individuals using their networks."

The group behind Duqu is known for compromising "utilitarian targets." These are companies like Kaspersky Lab or the network operators, whose information and assets might help the group improve its attack capabilities and achieve its final goals.

For example, in 2011 the Duqu group infected a certificate authority in Hungary with the first version of the malware tool. The goal was probably to obtain valid digital certificates that could be used to sign their malware samples.

The Kaspersky Lab researchers believe that a nation state is behind Duqu due to the sophistication of the malware platform and the techniques employed by its creators, including the use of multiple zero-day exploits -- exploits for previously unknown vulnerabilities in Windows and other software products.

The Wall Street Journal reported Wednesday that unnamed former U.S. government officials believe Israel is behind Duqu. This would explain the group's interest in the Iranian nuclear negotiations, which Israel opposes, and the platform's similarity to Stuxnet, which is believed to have been a joint U.S.-Israeli project.

Duqu is not the first cyberespionage malware threat that was used to target telecom operators. The Equation group, which some people believe is the U.S. National Security Agency, has also compromised such companies, and so did Volatile Cedar, a cyberespionage group that security firm Check Point Software Technologies believes operates from Lebanon.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarespywaresymantecintrusionkaspersky lab

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments