Duqu spy group also targeted telecommunications companies

Symantec found infections with Duqu 2.0 in the U.S., U.K., Sweden, India and Hong Kong

Big data

Big data

The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran.

On Wednesday, Moscow-based antivirus firm Kaspersky Lab, which has been deeply involved in exposing sophisticated cyberespionage campaigns over the past few years, revealed that it too fell victim to such an attack.

The company discovered in early spring that several of its internal systems were infected with a new version of Duqu, a sophisticated malware platform believed to be related to the Stuxnet worm used to sabotage Iran's nuclear enrichment centrifuges at Natanz.

Kaspersky reported that in addition to its own systems, it identified computers infected with Duqu 2.0 at hotels that hosted talks over the past year between the U.S., Germany, France, Russia, the U.K., China and Iran over the latter's nuclear program. The company also identified infections at a location associated with the 70th anniversary of the liberation of the Auschwitz concentration camp, which was commemorated on Jan. 27.

Now security firm Symantec has done its own analysis of Duqu 2.0, which unlike the first version, lives only in the memory of infected computers, without writing any files on disk. This makes it much harder for security products to to detect.

Symantec scanned its own global network and found Duqu 2.0 infections in the U.S., U.K., Sweden, India and Hong Kong, as well as on the systems of a European network operator, a North African network operator and an electronic equipment manufacturer from South East Asia. It didn't name the affected companies.

"Some organizations may not be the ultimate targets of the group's operations, but rather stepping stones towards the final target," the Symantec researchers said in a blog post. "The group's interest in telecoms operators could be related to attempts to monitor communications by individuals using their networks."

The group behind Duqu is known for compromising "utilitarian targets." These are companies like Kaspersky Lab or the network operators, whose information and assets might help the group improve its attack capabilities and achieve its final goals.

For example, in 2011 the Duqu group infected a certificate authority in Hungary with the first version of the malware tool. The goal was probably to obtain valid digital certificates that could be used to sign their malware samples.

The Kaspersky Lab researchers believe that a nation state is behind Duqu due to the sophistication of the malware platform and the techniques employed by its creators, including the use of multiple zero-day exploits -- exploits for previously unknown vulnerabilities in Windows and other software products.

The Wall Street Journal reported Wednesday that unnamed former U.S. government officials believe Israel is behind Duqu. This would explain the group's interest in the Iranian nuclear negotiations, which Israel opposes, and the platform's similarity to Stuxnet, which is believed to have been a joint U.S.-Israeli project.

Duqu is not the first cyberespionage malware threat that was used to target telecom operators. The Equation group, which some people believe is the U.S. National Security Agency, has also compromised such companies, and so did Volatile Cedar, a cyberespionage group that security firm Check Point Software Technologies believes operates from Lebanon.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarespywaresymantecintrusionkaspersky lab

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?