Menu
Duqu spy group also targeted telecommunications companies

Duqu spy group also targeted telecommunications companies

Symantec found infections with Duqu 2.0 in the U.S., U.K., Sweden, India and Hong Kong

Big data

Big data

The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran.

On Wednesday, Moscow-based antivirus firm Kaspersky Lab, which has been deeply involved in exposing sophisticated cyberespionage campaigns over the past few years, revealed that it too fell victim to such an attack.

The company discovered in early spring that several of its internal systems were infected with a new version of Duqu, a sophisticated malware platform believed to be related to the Stuxnet worm used to sabotage Iran's nuclear enrichment centrifuges at Natanz.

Kaspersky reported that in addition to its own systems, it identified computers infected with Duqu 2.0 at hotels that hosted talks over the past year between the U.S., Germany, France, Russia, the U.K., China and Iran over the latter's nuclear program. The company also identified infections at a location associated with the 70th anniversary of the liberation of the Auschwitz concentration camp, which was commemorated on Jan. 27.

Now security firm Symantec has done its own analysis of Duqu 2.0, which unlike the first version, lives only in the memory of infected computers, without writing any files on disk. This makes it much harder for security products to to detect.

Symantec scanned its own global network and found Duqu 2.0 infections in the U.S., U.K., Sweden, India and Hong Kong, as well as on the systems of a European network operator, a North African network operator and an electronic equipment manufacturer from South East Asia. It didn't name the affected companies.

"Some organizations may not be the ultimate targets of the group's operations, but rather stepping stones towards the final target," the Symantec researchers said in a blog post. "The group's interest in telecoms operators could be related to attempts to monitor communications by individuals using their networks."

The group behind Duqu is known for compromising "utilitarian targets." These are companies like Kaspersky Lab or the network operators, whose information and assets might help the group improve its attack capabilities and achieve its final goals.

For example, in 2011 the Duqu group infected a certificate authority in Hungary with the first version of the malware tool. The goal was probably to obtain valid digital certificates that could be used to sign their malware samples.

The Kaspersky Lab researchers believe that a nation state is behind Duqu due to the sophistication of the malware platform and the techniques employed by its creators, including the use of multiple zero-day exploits -- exploits for previously unknown vulnerabilities in Windows and other software products.

The Wall Street Journal reported Wednesday that unnamed former U.S. government officials believe Israel is behind Duqu. This would explain the group's interest in the Iranian nuclear negotiations, which Israel opposes, and the platform's similarity to Stuxnet, which is believed to have been a joint U.S.-Israeli project.

Duqu is not the first cyberespionage malware threat that was used to target telecom operators. The Equation group, which some people believe is the U.S. National Security Agency, has also compromised such companies, and so did Volatile Cedar, a cyberespionage group that security firm Check Point Software Technologies believes operates from Lebanon.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securitymalwarespywaresymantecintrusionkaspersky lab

Featured

Slideshows

Looking back at the top 15 M&A deals in NZ during 2017

Looking back at the top 15 M&A deals in NZ during 2017

In 2017, merger and acquisitions fever reached new heights in New Zealand, with a host of big name deals dominating the headlines. Reseller News recaps the most important transactions of the Kiwi channel during the past 12 months.

Looking back at the top 15 M&A deals in NZ during 2017
Kiwi channel closes 2017 with After Hours

Kiwi channel closes 2017 with After Hours

The channel in New Zealand came together to celebrate the close of 2017, as the final After Hours played out in front of a bumper Auckland crowd.

Kiwi channel closes 2017 with After Hours
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Show Comments