Kaspersky Lab falls victim to sophisticated state-sponsored attack

Shawn Knight


Cybersecurity firm Kaspersky Lab revealed it recently detected and neutralized what it called a sophisticated, well-planned attack on their network, proving that sometimes, even the experts are vulnerable to hackers.

Kaspersky founder and CEO Eugene Kaspersky said he believes the attack was carried out by a government-backed group. Furthermore, based on the data the bad actors went after, he feels this was an obvious case of industrial espionage.

The firm tells us that those who infiltrated their network didn’t go after any customer data. Instead, they targeted the company’s research and development division, which means none of the company’s products or services were affected. That’s good news for customers as it stands today but a bit alarming for Kaspersky in the long term.

Getting a look at Kaspersky’s R&D efforts, its source code and intellectual property could give hackers a leg up when it comes to creating future malware. But even that scenario seems rather unlikely as code quickly becomes obsolete and you’d need access to the people that created it to fully understand the meaning of every detail.

Kaspersky said the Duqu 2.0 malware used in this attack is extremely advanced: it resides in RAM, uses up to three previously unknown zero-day vulnerabilities and tries very hard to avoid making any changes to the hard drive. Its level of sophistication likely means that millions of dollars went into its development.


 
I'm not so sure of "you’d need access to the people that created it to fully understand the meaning of every detail". I am willing to bet that someone good at reverse engineering would also feel the same way. Often, what comes out of R & D departments (it is an unknown whether this is the case at Kaspersky) is basis code. In other words, it is the foundation on which all further code is built. Personally, I think it is hard to say what damage this might cause.
 
"Its level of sophistication likely means that millions of dollars went into its development."

Until proven otherwise, I would assume it was all done by a socially-detached kid in his home basement.

This is really obvious, they are trying to save face by inventing a whole dark side of the force behind the plot.

Reminds me of the enemy exaggeration from the Brave :)

P.S. Kaspersky is the last one - Dingwall's dad ;)
 
It was "supposedly" carried out by Israel because of Iran's nuclear program.

sounds plausible enough
 
Interesting case of the shoemaker's children.
If you've never heard of it:
The shoemaker was very popular and made shoes for everyone in town: the mayor, doctor, dentist, town council, their friends and all their children.

One day, the school teacher of the town noticed the shoemaker's children had NO shoes at all, and when she talked to the shoemaker, his reply was "I'm too busy making shoes for the town folks".
I wrote an essay three years ago on the subject suggesting that the AV vendors needed to create a lab and showcase just how they have avoided infections over the last xx years.

Hmm; guess Kaspersky would need to be excused from the exercise.

BTW: Today, the lab would be empty and dark (i.e. lights out) as they've all been infected one way or another.
There's just no silver bullet in AV.
 
"It could be an inside job, backdoor."

It probably was via USB. The best part: The person that brought in the infected USB (or other media) probably didn't even know it was infected.
 