Latest in Duqu

Image credit:

State-backed spyware targets antivirus maker, Iranian nuclear talks

Share
Tweet
Share

Sponsored Links

The threat posed by state-sponsored malware might be even larger than first thought. Antivirus developer Kaspersky Lab says it discovered an attack on its network by allegedly government-made spyware that appears to be an upgraded version of Duqu, the Stuxnet-based worm used by Israel and the US to derail Iran's nuclear efforts. This "Duqu 2.0" not only tried to obtain details about Kaspersky's investigations and detection abilities, but remained remarkably stealthy. Pre-release software was necessary to catch it, and there were attempts to throw researchers off the scent by suggesting that China or Eastern Europe was to blame.

While there's no smoking gun proving who was responsible, the list of additional victims narrows the possible culprits. There were less than 100 targets, including participants in negotiations surrounding Iran's nuclear program -- it's easy to see Israel or the US once again being involved. The scope of the attack is likely "much wider," according to Kaspersky, and its competitor Symantec suspects that the snoops were using their tool for "multiple intelligence gathering campaigns."

The good news? While it's not certain just what the intruders collected, the immediate damage is relatively minimal. Kaspersky says that Duqu 2.0 didn't compromise its customers or products, and Microsoft just recently patched the Windows vulnerability that let the attackers in. It almost goes without saying that Kaspersky's antivirus tools now know to look for the offending software. However, the implications of the breach are severe. They suggest that a government body was willing to compromise a security company, one of its supposed allies, in the name of developing harder-to-find hacking technology -- an "outrageous" idea in Kaspersky's eyes. It's now less likely that private security researchers will cooperate on cyberdefense issues, which could worsen the situation for everyone.

[Image credit: Image credit: IIPA via Getty Images]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Peloton settles music licensing lawsuit over its exercise videos

Peloton settles music licensing lawsuit over its exercise videos

View
Spotify redesign makes it easier to play, favorite and download music

Spotify redesign makes it easier to play, favorite and download music

View
New Powerbeats wireless headphones appear to be on the way

New Powerbeats wireless headphones appear to be on the way

View
The latest Timex smartwatch has 25-day battery life

The latest Timex smartwatch has 25-day battery life

View
Is the Roku Ultra your favorite streaming device?

Is the Roku Ultra your favorite streaming device?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr