Iran nuclear talks venues hit by $10mn ‘state-sponsored’ virus – Kaspersky to RT

10 Jun, 2015 21:36

The venues of Iranian nuclear talks were targeted by sophisticated spyware, which costs “at least $10 million” and was likely “state-sponsored,” the CEO of Kaspersky Lab exclusively told RT. He said his company came under threat as well.

Among the hack’s primary targets were hotels and conference halls where P5+1 powers (US, UK, France, China, Russia and Germany) held talks with Iran on its nuclear program.

In its report Kaspersky Lab said that the “infections are linked to the P5 plus 1 events and venues related to the negotiations with Iran about a nuclear deal.”

It is believed that, using the spyware Kaspersky dubbed Duqu 2, “the bad guys” penetrated communications, including the Wi-Fi network, obtained hotel records on the room numbers of important guests, and uploaded hotel CCTV video and sound files recorded by any microphones.

.@arstechnica have a detailed writeup on the #duqu2 attack here - https://t.co/gp8jowhp84 pic.twitter.com/oCIUENWmIK

— Kaspersky Lab (@kaspersky) June 10, 2015

“Victims of Duqu 2.0 have been found in several places, including western countries, the Middle East and Asia,” the company said in its report titled “The Duqu 2.0, technical details.”

Eugene Kaspersky, co-founder and CEO of Moscow-based Kaspersky Lab, has confirmed to RT that cyber spies were after “very sensitive data.”

“There could be different motivations,” Kaspersky said. “Of course there is political information, which costs a lot, any other kind of data which is sensitive or very interesting to the attackers.”

Kaspersky Lab does not rule out that the highly sophisticated virus could be “state-sponsored.”

“As a software company, we can estimate the investment into a software project. This is a software project. How much did they invest to develop it, to test and to support it? I think it’s at least $10 million, maybe more. Maybe much more, because we still don’t know how many victims are affected around the world,” Kaspersky explained.

Over the last 18 months, the negotiations took place in various hotels in Austria, Switzerland, Oman and elsewhere, with Kaspersky Lab not revealing the names of the affected hotels.

To Kaspersky’s “surprise,” his Lab has also been targeted by the cyber spies. Kaspersky Lab just recently discovered the hack on its own network as the company was testing a new program, which was aimed at tracking exactly the type of attack that the perpetrators performed.

“They were also looking for the technical information, technologies and research we do with malware,” Kaspersky said. “So it seems these guys were interested in very different kinds of information,” he added.

Government Spies Are Now Hacking Cybersecurity Firms http://t.co/TW90UcYe51 via @motherboard

— Kaspersky Lab (@kaspersky) June 10, 2015

In the official statement, Kaspersky revealed that its “Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network, Anti-APT solution, and services” were targeted.

“The thinking behind it is a generation ahead of anything we’d seen earlier – it uses a number of tricks that make it really difficult to detect and neutralize,” Kaspersky wrote.

Kaspersky Lab has also found out that “the group behind Duqu 2.0 also spied on several prominent targets.”

Thus, the events marking the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camps, which were attended by many heads of state, were also among the targets.

While the investigation into the attacks is still underway, the company is confident that “the prevalence of this attack is much wider and has included more top ranking targets from various countries.”

Duqu 2 resembles the Duqu spyware, which was used to hack a certificate authority in Hungary in 2011 and had plenty of similarities with Stuxnet, the digital weapon that sabotaged the Iranian nuclear program back in 2010.

But unlike the original Duqu, which consisted of just six modules, its updated version constitutes a large 19-megabyte toolkit with various plugins.

Kaspersky Lab is still working on establishing the exact amount of data that was stolen from its networks.

However, it seems unlikely that the hackers tried to infect the 400 million Kaspersky customers worldwide after hacking the company’s network.