New APT Duqu 2.0 Hits High-Value Victims, Including Kaspersky Lab

[RV_]

This one is out in the wild. But it is not attacking or targeting individuals per se, unless you're an Iranian Nuke Scientist! So no alarm to raise here. This is for the techies here as they even got Kaspersky with their newest variant of DuQu.

 

Excerpt:

 

"The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims, including some related to the Iran nuclear talks last fall.

 

The new spate of attacks was discovered by researchers at Kaspersky Lab after they uncovered evidence that some of the company’s own systems had been compromised by the platform, which is being called Duqu 2.0. Kaspersky’s investigation into the incident showed that the Duqu attackers had access to a small number of systems and were especially interested in the company’s research into APT groups, its anti-APT technology, and some Kaspersky products, including the Secure Operating System and Kaspersky Security Network. Kaspersky officials said that although the initial infection vector isn’t known, the attackers used as many as three Windows zero-day in the course of the operation.

 

The last of the zero days used by the Duqu 2.0 attackers was patched by Microsoft on Tuesday. The vulnerability, CVE-2015-2360, was an elevation-of-privilege bug in the Windows kernel-mode drivers."

 

See more at: https://threatpost.com/duqu-resurfaces-with-new-round-of-victims-including-kaspersky-lab/113237#sthash.JxA7npJS.dpuf

 

The entire article is an eye opener. Hats off to Kaspersky for admitting their infection.