
Kaspersky Lab investigates hacker attack on its own network


Batu69


I’ve got some bad news and some good news.

The bad news

The bad news is that we discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it. We’ve called it Duqu 2.0. Why Duqu 2.0 and what it has in common with the original Duqu? – See here.


The good news – pt. 1: We uncovered it

The first bit of good news is that we found something really big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generation ahead of anything we’d seen earlier – it uses a number of tricks that make it really difficult to detect and neutralize. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed; however, we did manage to detect it – with the alpha version of our Anti-APT solution, designed to tackle even the most sophisticated targeted attacks.

@kaspersky nails nation-state attack on its network. Products & services not compromised; no risks for customers

The good news – pt. 2: Our customers are safe

Most importantly, neither our products nor services have been compromised, so our customers face no risks whatsoever due to the breach.

The details

The attackers were interested in learning about our technologies, particularly our Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network, Anti-APT solution, and services. The bad guys also wanted to find out about our ongoing investigations and learn about our detection methods and analysis capabilities. Since we’re well known for successfully fighting sophisticated threats they sought this information to try to stay under our radar. No chance.

Attacking us was hardly the smart move: they’ve now lost a very expensive technologically-advanced framework they’d been developing for years. Besides, they tried to spy on our technologies… which are accessible under licensing agreements (at least some of them)!

#Duqu2 tried to steal @kaspersky technologies and snoop on ongoing investigations to stay under the radar

We’ve found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz. Though the internal investigation is still underway we’re confident that the prevalence of this attack is much wider and has included more top ranking targets from various countries. I also think it’s highly likely that after we detected Duqu 2.0 the people behind the attack wiped their presence on the infected networks to prevent exposure.

We, in turn, will use this attack to improve our defensive technologies. New knowledge is always helpful, and better threat intelligence assists us in developing better protection. And of course, we’ve already added the detection of Duqu 2.0 to our products. So, in fact, there’s not really much bad news here at all.

As mentioned, our investigation is still underway; it will require a few more weeks to get the whole picture in all its detail. However, we’ve already verified that the source code of our products is intact. We can confirm that our malware databases have not been affected, and that the attackers had no access to our customers’ data.

You may ask at this point why we’ve disclosed this information, or whether we’re afraid it may damage our reputation.

Well, first, not disclosing – that would be like not reporting a car accident with casualties to the police because it may hurt your no-claims bonus. Besides, we know the anatomy of targeted attacks well enough to understand there’s nothing to be ashamed of in disclosing such an attack – they can happen to anyone. (Remember: there are just two types of companies – those that have been attacked and those that don’t know they’ve been attacked.) By disclosing the attack we (i) send a signal to the public and question the validity – and morality – of presumably state-sponsored attacks against private business in general, and security companies in particular; and (ii) share our knowledge with other businesses to help them protect their assets. Even if it does hurt ‘reputation’ – I don’t care. Our mission is to save the world, and that admits no compromise.

Who’s behind the attack? What nation?

Let me say this again: we don’t attribute attacks. We’re security experts – the best – and we don’t want to dilute our core competence by getting into politics. At the same time, as a committed supporter of responsible disclosure we’ve filed statements with law enforcement agencies in several countries for them to start criminal investigations. We also reported the detected zero-day to Microsoft, which in turn recently patched it (don’t forget to install the Windows update).

I just want to let everybody do their job and see the world change for the better.

Wrapping up this announcement I’d like to share a very serious concern.

Governments attacking IT security companies is simply outrageous. We’re supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld. We share our knowledge to fight cybercrime and help investigations become more effective. There are many things we do together to make this cyberworld a better place. But now we see some members of this ‘community’ paying no respect to laws, professional ethics or common sense.

To me, it’s another clear signal we need globally-accepted rules of the game to curb digital espionage and prevent cyberwarfare. If various murky groups – often government-linked – treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. So I’m once again calling on all responsible governments to come together and agree on such rules, and to fight against cybercrime and malware, not sponsor and promote it.

@kaspersky calling on nation-states to respect rules, ethics and common sense in cyberspace. Not for the 1st time

Source


This could have happened from the malware being so powerful that it infected networks it didn't intend to; that's happened with infections like it in the past. I want that anti-APT solution and I hope they release it to its customers in the future. Thank you for posting this.



willieaames

Cover up story, how could they provide security when they are still vulnerable to hackers?



Cover up story, how could they provide security when they are still vulnerable to hackers?

Many Security vendors were hijacked in the past.

It is not the 1st time; it won't be the last one...



Related... The men in black hitting back ??

Your hard drives were riddled with NSA spyware for years
Kaspersky: 'Equation Group' attacked 'high value targets'
http://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group

NOTE: IF CONSPIRACIES DID NOT EXIST, THERE WOULD NOT BE LAWS AGAINST CONSPIRACIES...BUT,

THERE ARE LAWS AGAINST CONSPIRACIES...

:wtf: :lol: :s



Who’s behind the attack? What nation?


Why ask this question?

More info here Why Israel spied on Iran talks 'is not the question we should be asking'

"The use of Duqu by Israel against Iran is not the question we should be asking," Jeff Bardin, chief intelligence officer of Treadstone 71, told Business Insider. "The question should be why Kaspersky only finds code of this type by nation-states it does not consider friendly to Russia or those aligned to the West."

Kaspersky Lab is a leading cybersecurity firm that helps millions of people worldwide, including Americans, protect their data from cybercriminals. While the firm is often aggressive in its pursuit of foreign hackers, however, it tends to turn a blind eye to hackers operating inside Russia.

http://uk.businessinsider.com/why-kaspersky-revealed-israel-spying-on-iran-2015-6?r=US

Fact: I told my family to not renew Kaspersky this year way before this happened because I don't trust it really anymore and I put a different one on the computers in my network. We had bought it for years. ;)



And what did you choose? Which is that company that you trust more?

I don't trust USA or China either; the ones I use are based in Czech Republic and Slovakia :) let the superpowers spy amongst themselves. :lol:

If all the big government agents are using Kaspersky, 360 and Symantec I don't have to worry as much :P

If Israel was able to hack them and they said something about it.

Kaspersky Lab is a leading cybersecurity firm that helps millions of people worldwide, including Americans, protect their data from cybercriminals. While the firm is often aggressive in its pursuit of foreign hackers, however, it tends to turn a blind eye to hackers operating inside Russia.

No telling what Russia is doing and they're not reporting it. ;)



Archived

This topic is now archived and is closed to further replies.
