Petronella Blog Archive

Who Attacked Kaspersky?

Kaspersky Lab, the well-known Russian security firm, recently discovered a sophisticated intrusion into its own corporate network.  But just who was behind it?

Upon investigation, Kaspersky found that the attackers had signed part of their toolkit with a digital certificate belonging to Foxconn.  Foxconn is a Taiwanese contract manufacturer that builds a lot of big-name electronics, including iPhones and popular gaming consoles; a certificate in its name gives malicious code an unusually credible pedigree.

The malware was named Duqu 2.0 because it is closely related to the older Duqu malware from 2011, which in turn shares code with the Stuxnet worm.  Duqu 2.0 contains deliberate false flags meant to suggest a Chinese origin, but Stuxnet is widely believed to have been a joint US and Israeli project.

Stuxnet was discovered in the last decade inside Iran's nuclear facilities, where it sabotaged uranium-enrichment centrifuges.  Duqu 2.0, by contrast, was found at venues hosting the P5+1 nuclear negotiations with Iran (the five permanent UN Security Council members plus Germany), where it was apparently used to spy on the talks.  Both Duqu and Duqu 2.0 are believed to be solely Israeli projects.

The Foxconn certificate was needed because 64-bit Windows refuses to load a kernel driver that lacks a valid code signature, so a stolen certificate lets a malicious driver load without raising alarms.  Duqu 2.0 otherwise lived almost entirely in memory: it left nothing on disk, vanished when a machine was shut down, and was reinstalled from other infected machines on the network after the restart.  The signed driver was placed on internet-facing gateways and firewalls, where it tunneled the attackers' command-and-control traffic and stolen data in and out of the network, making the exfiltration much harder to spot.
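A hunt for exactly this kind of rogue signed driver, as an added example that is not part of the original post or of Kaspersky's analysis: inventory every kernel driver registered on a Windows host, record who signed it, and flag drivers whose signature does not validate or whose signer is not on a baseline allow-list.  The allow-list contents and the column layout are assumptions for illustration; the cmdlets (`Get-CimInstance`, `Get-AuthenticodeSignature`) are standard PowerShell.

```powershell
# Added example, not code from the original post.
# The allow-list is a placeholder assumption: populate it from a known-good
# baseline of your own fleet rather than from this list.
$AllowedSigners = @(
    'Microsoft Windows',
    'Microsoft Windows Hardware Compatibility Publisher'
)

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver reports paths in several forms; normalise the common ones
    # so Get-AuthenticodeSignature can open the file.
    if (-not $PathName) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

function Get-DriverSignerReport {
    param([string[]]$Allowed = $AllowedSigners)
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        $path = Resolve-DriverPath $_.PathName
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { return }
        $sig = Get-AuthenticodeSignature -FilePath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # Pull the CN out of the subject so the allow-list can use plain names.
        $cn = if ($subject -match 'CN=([^,]+)') { $Matches[1] } else { $subject }
        [pscustomobject]@{
            Name       = $_.Name
            State      = $_.State              # Running or Stopped
            Path       = $path
            Status     = $sig.Status           # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer     = $cn
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            # Anything unsigned, tampered, or signed by an unexpected party gets a second look.
            Suspicious = ($sig.Status -ne 'Valid') -or ($cn -notin $Allowed)
        }
    }
}

# Show only the drivers worth investigating, running ones first.
Get-DriverSignerReport |
    Where-Object Suspicious |
    Sort-Object State, Signer |
    Format-Table Name, State, Status, Signer, Thumbprint, Path -AutoSize
```

Two caveats matter for a Duqu 2.0 style case.  A driver signed with a stolen certificate reports `Status = Valid` and a perfectly respectable signer name, so a signer allow-list only narrows the list; compare the reported thumbprints against a baseline taken from clean machines and check the issuing CA's revocation lists for any certificate you do not recognise.  And since Duqu 2.0 kept its signed driver on gateways rather than on workstations, run the inventory on the firewalls, proxies and other internet-facing servers, not just on endpoints.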