Duqu 2.0

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Duqu 2.0 is a version of malware reported in 2015 to have infected computers in hotels of Austria and Switzerland that were sites of the international negotiations with Iran over its nuclear program and economic sanctions.[1] The malware, which infect Kaspersky Lab for months without their realizing,[2] is believed to be the work of Unit 8200.

Kaspersky discovered the malware, and Symantec confirmed those findings. The malware is a variant of Duqu, and Duqu is a variant of Stuxnet. The software is "linked to Israel", according to The Guardian.[3] The software used three zero-day exploits[4], and would have required funding and organization consistent with a government intelligence agency.[5]

According to Kaspersky, "the philosophy and way of thinking of the “Duqu 2.0” group is a generation ahead of anything seen in the advanced persistent threats world."[6]

See also[edit]

References[edit]

  1. ^ "Iran nuclear talks: Israel denies bugging venues". 11 June 2015. Retrieved 23 June 2017 – via BBC News. 
  2. ^ Hackers PWNED Kaspersky Lab servers for months -- Duqu 2.0 blamed on Israel By Richi Jennings, Computerworld | JUN 11, 2015
  3. ^ Gibbs, Samuel (11 June 2015). "Duqu 2.0: computer virus 'linked to Israel' found at Iran nuclear talks venue". Retrieved 23 June 2017 – via The Guardian. 
  4. ^ Maynard, Peter; McLaughlin, Kieran; Sezer, Sakir (February 2016). "Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction". ICISSP: 465–472. doi:10.5220/0005745704650472. Retrieved 24 July 2017. 
  5. ^ Leyden, John. "Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'". The Register. Retrieved 2015-06-16. 
  6. ^ The Duqu 2.0 Targeted Attacks