Kaspersky Lab does not rule out that the highly sophisticated virus could be “state-sponsored.”
“As a software company, we can estimate the investment into a software project. This is a software project. How much did they invest to develop it, to test and to support it? I think it’s at least $10 million, maybe more. Maybe much more, because we still don’t know many victims there are affected around the world,” Kaspersky explained.
Over the last 18 months, the negotiations took place in various hotels in Austria, Switzerland, Oman and elsewhere, with Kaspersky Lab not revealing the names of the affected hotels.
To Kaspersky’s “surprise,” his Lab has also been targeted by the cyber spies. Kaspersky Lab just recently discovered the hack on its own network as the company was testing a new program, which was aimed at tracking exactly the type of attack that the perpetrators performed.
“They were also looking for the technical information, technologies and research we do with malware,” Kaspersky said. “So it seems these guys were interested in very different kinds of information,” he added.
In the official statement, Kaspersky revealed that its “Secure Operating System, Kaspersky Fraud Prevention, Kaspersky Security Network, Anti-APT solution, and services” were targeted.
“The thinking behind it is a generation ahead of anything we’d seen earlier – it uses a number of tricks that make it really difficult to detect and neutralize,” Kaspersky wrote.
Kaspersky Lab has also found out that “the group behind Duqu 2.0 also spied on several prominent targets.”
Among them was the 70th anniversary of the liberation of the Auschwitz-Birkenau concentration camps, which was attended by many heads of state.
While the investigation into the attacks is still underway, the company is confident that “the prevalence of this attack is much wider and has included more top ranking targets from various countries.”
Duqu 2 resembles the Duqu spyware, which was used to hack a certificate authority in Hungary in 2011 and had plenty of similarities with Stuxnet, the digital weapon that sabotaged Iran's nuclear program back in 2010.
But unlike the original Duqu, which consisted of just six modules, its updated version is a large 19-megabyte toolkit with various plugins.
Kaspersky Lab is still working on establishing the exact amount of data that was stolen from its networks.
However, it seems unlikely that the hackers tried to infect the 400 million Kaspersky customers worldwide after hacking the company’s network.