Kaspersky Lab breached, hackers plant a Duqu related ‘almost invisible’ malware
The world’s leading cyber security solutions provider, Kaspersky Lab has revealed that its systems have been breached by unknown hackers. The hackers then went on to plant a malware related to the dreaded Duqu family on its networks.
Kaspersky says that the hack attack was so sophisticated that it was almost impossible to find that the networks had been breached. Eugene Kaspersky, the company’s CEO described the attack as “almost invisible” and said the software was so sophisticated it could have cost $10m “maybe more” to build it and support it.
According to Kaspersky, the attack on it used three previously unknown zero-day vulnerabilities to breach its systems, and left very few traces in the aftermath. The malware was spread in the Kaspersky network through MSI (Microsoft Software Installer) files which are commonly used by system administrators to deploy software on remote Windows computers. Interestingly the breach didn’t leave behind any disk files or change system settings, which made the hack detection extremely difficult.
Kaspersky security team detected the breach in the “early spring”, and described it as “one of the most sophisticated campaigns ever seen”. It says that from the looks of the attack, it seems to be meticulously planned and carried out by the same group that was behind the 2011 Duqu attack. The sophistication of the malware indicates that this may be a state sponsored campaign.
The malware was discovered when Kaspersky security team was testing a new antivirus product on its own network. Kaspersky said that all the three zero days exploited by the hackers to gain entry into it systems have been patched by Microsoft since the attack. The last remaining zero-day (CVE-2015-2360) was patched by Microsoft on 9 June (MS15-061) after it was reported by Kaspersky.
“Spying on cybersecurity companies is a very dangerous tendency,” said the company’s chief executive Eugene Kaspersky. “The only way to protect the world is to have law enforcement agencies and security companies fighting such attacks openly. We will always report attacks regardless of their origin,” he added.
— Eugene Kaspersky (@e_kaspersky) June 10, 2015
The hackers targeted only the security research servers and ignored Kaspersky’s sales, marketing and legal departments, because they seemed to be interested in the Kaspersky’s research.
The firm said that the hack attack did not affect any of company’s products, technologies and services.