Cybersecurity industry leader Kaspersky Labs admitted on Wednesday, June 10th that it had recently been victimized by a highly sophisticated hack. Kaspersky noted that it believed the attack was intended to spy on its new technologies and future plans.
In a scary development, Kaspersky highlighted that the recent hack used up to three previously unknown attack techniques.
The well-regarded Russian firm said it was still carrying out deep-level checks, but was confident it had detected the attack at a relatively early stage. The company did admit that the hackers accessed some files, but the data that was compromised was “in no way critical to the operation” of its security services.
Details on Kaspersky Labs hack
In its statement on Wednesday, Kaspersky said that it had first noted the intrusion this spring, and called it “one of the most sophisticated campaigns ever seen”.
The new malware does not actually write files to disk, but instead stays solely in memory, making it hard to find.
Kaspersky says it has managed to link the attack to the still unknown creators of an earlier Trojan called Duqu, which was made public in 2011 after being used in multiple attacks across the globe.
Of note, and as usual, the highly sophisticated hackers exploited Microsoft software to break into Kaspersky’s systems. Kaspersky noted that the new variant of the Duqu malware was introduced via Microsoft Software Installer files, which are frequently used to install programs on remote computers.
“This highly sophisticated attack used up to three zero-day [previously unknown] exploits, which is very impressive – the costs must have been very high,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team.
Raiu also said there was strong evidence these kinds of “Duqu 2.0” attacks were focused on other targets, including a number of the venues used for the nuclear talks between Iran and various Western nations.
Mikko Hypponen, the chief research officer at F-Secure, a rival cybersecurity firm, said he had had only a brief chance to look into the report from Kaspersky, but added that it did seem like a “big deal”.
Statement from CEO Eugene Kaspersky
“Spying on cybersecurity companies is a very dangerous tendency,” said the company’s chief executive Eugene Kaspersky. “The only way to protect the world is to have law enforcement agencies and security companies fighting such attacks openly. We will always report attacks regardless of their origin.”