Kaspersky may have been an indirect target of larger cyberattack


Antivirus company Kaspersky revealed that its systems had been recently hacked, but the company is adamant that clients and partners are safe. Kaspersky believes that the hack was carried out by a nation-state looking to access other targets.

"We discovered an advanced attack on our own internal networks," CEO Eugene Kaspersky wrote on the company's blog. "It was complex, stealthy, it exploded several zero-day vulnerabilities, and we're quite confident that there's a nation state behind it."

The sophisticated attack, called Duqu 2.0, is said to involve three previously unknown zero-day techniques. Kaspersky believes the attack was detected at an early stage, but it will continue to check its systems.

Duqu 2.0

Described as "one of the most sophisticated campaigns ever seen," the Duqu 2.0 hack is believed to be related to the 2011 Stuxnet attacks against countries like Iran, India, Ukraine and France. The attack was discovered in early spring.

The hack exploited vulnerabilities in Microsoft's software installer files, which allows IT managers to install software on remote computers.

Kaspersky as a middle-man target

The goal of the Kaspersky attack is still unclear. One theory is that Kaspersky may be used as a target to reach other targets, something that Kaspersky implied as it stated that the attack was used to spy on "several prominent targets."

If this is the case, it would be similar to the RSA attack a few years ago where the target was a US defense contractor.

"Spying on cybersecurity companies is a very dangerous tendency," said Kaspersky.