{"id":4909,"date":"2015-06-10T08:24:30","date_gmt":"2015-06-10T12:24:30","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4909"},"modified":"2020-02-26T18:59:45","modified_gmt":"2020-02-26T14:59:45","slug":"kaspersky-statement-duqu-attack","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/kaspersky-statement-duqu-attack\/4909\/","title":{"rendered":"Kaspersky Lab investigates hacker attack on its own network"},"content":{"rendered":"<p>I\u2019ve got some bad news and some good news.<\/p>\n<h3>The bad news<\/h3>\n<p>The bad news is that we discovered an advanced attack on our own internal networks. It was complex and stealthy, it exploited several\u00a0<a href=\"https:\/\/www.kaspersky.com\/internet-security-center\/definitions\/zero-day-exploit\" target=\"_blank\" rel=\"noopener nofollow\">zero-day vulnerabilities<\/a>, and we\u2019re quite confident that there\u2019s a nation state behind it. We\u2019ve called it\u00a0<a href=\"https:\/\/securelist.com\/blog\/research\/70504\/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns\/\" target=\"_blank\" rel=\"noopener noreferrer\">Duqu 2.0<\/a>. Why Duqu 2.0, and what does it have in common with the original\u00a0<a href=\"https:\/\/securelist.com\/blog\/incidents\/31177\/the-mystery-of-duqu-part-one-5\/\" target=\"_blank\" rel=\"noopener\">Duqu<\/a>? See\u00a0<a href=\"http:\/\/media.kaspersky.com\/en\/Duqu-2-0-Frequently-Asked-Questions.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">here<\/a>.<\/p>\n<h3>The good news \u2013 pt. 1: We uncovered it<\/h3>\n<p>The first bit of good news is that we found something\u00a0<em>really<\/em>\u00a0big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a\u00a0<em>generation<\/em>\u00a0ahead of anything we\u2019d seen earlier \u2013 it uses a number of tricks that make it really difficult to detect and neutralize. 
It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed; however, we did manage to detect it \u2013 with the alpha version of our Anti-<a href=\"https:\/\/www.kaspersky.com\/blog\/apt\" target=\"_blank\" rel=\"noopener nofollow\">APT<\/a>\u00a0solution, designed to tackle even the most sophisticated targeted attacks.<\/p>\n<h3>The good news \u2013 pt. 2: Our customers are safe<\/h3>\n<p>Most importantly, neither our products nor services have been compromised, so our customers face no risks whatsoever due to the breach.<\/p>\n<h3>The details<\/h3>\n<p>The attackers were interested in learning about our technologies, particularly our\u00a0<a href=\"https:\/\/business.kaspersky.com\/security-within-kaspersky-lab-launches-kaspersky-security-system\/3667\" target=\"_blank\" rel=\"noopener nofollow\">Secure Operating System<\/a>,\u00a0<a href=\"https:\/\/www.kaspersky.com\/business-security\/fraud-prevention\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Fraud Prevention<\/a>,\u00a0<a href=\"http:\/\/ksn.kaspersky.com\/en\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Network<\/a>, Anti-APT solution, and services. The bad guys also wanted to find out about our ongoing investigations and learn about our detection methods and analysis capabilities. Since we\u2019re well known for successfully fighting sophisticated threats, they sought this information to try to stay under our radar. 
No chance.<\/p>\n<p>Attacking us was hardly the smart move: they\u2019ve now lost a very expensive, technologically advanced framework they\u2019d been developing for years. Besides, they tried to spy on our technologies\u2026 which are accessible under licensing agreements (at least some of them)!<\/p>\n<p>We\u2019ve found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran\u2019s nuclear program and in the 70th anniversary event of the liberation of Auschwitz. Though the internal investigation is still underway, we\u2019re confident that the prevalence of this attack is much wider and has included more top-ranking targets from various countries. I also think it\u2019s highly likely that after we detected Duqu 2.0 the people behind the attack wiped their presence on the infected networks to prevent exposure.<\/p>\n<p>We, in turn, will use this attack to improve our defensive technologies. New knowledge is always helpful, and better threat intelligence assists us in developing better protection. And of course, we\u2019ve already added the detection of Duqu 2.0 to our products. So, in fact, there\u2019s not really much bad news here at all.<\/p>\n<p>As mentioned, our investigation is still underway; it will require a few more weeks to get the whole picture in all its detail. However, we\u2019ve already verified that the source code of our products is intact. 
We can confirm that our malware databases have not been affected, and that the attackers had no access to our customers\u2019 data.<\/p>\n<p>You may ask at this point why we\u2019ve disclosed this information, or whether we\u2019re afraid it may damage our reputation.<\/p>\n<p>Well, first,\u00a0<em>not<\/em>\u00a0disclosing \u2013 that would be like not reporting a car accident with casualties to the police because it may hurt your no-claims bonus. Besides, we know the anatomy of targeted attacks well enough to understand there\u2019s nothing to be ashamed of in disclosing such an attack \u2013 they can happen to anyone. (Remember: there are just two types of companies \u2013 those that have been attacked and those that don\u2019t know they\u2019ve been attacked.) By disclosing the attack, we (i) send a signal to the public and question the validity \u2013 and morality \u2013 of presumably state-sponsored attacks against private business in general, and security companies in particular; and (ii) share our knowledge with other businesses to help them protect their assets. Even if it does hurt \u2018reputation\u2019 \u2013 I don\u2019t care. Our mission is to save the world, and that admits no compromise.<\/p>\n<h3>Who\u2019s behind the attack? What nation?<\/h3>\n<p>Let me say this\u00a0<a href=\"http:\/\/www.forbes.com\/sites\/eugenekaspersky\/2015\/02\/25\/the-most-sophisticated-cyber-espionage-campaign-ever-but-whos-behind-it\/\" target=\"_blank\" rel=\"noopener nofollow\">again<\/a>: we don\u2019t attribute attacks. We\u2019re security experts \u2013 the best \u2013 and we don\u2019t want to dilute our core competence by getting into politics. At the same time, as a committed supporter of responsible disclosure, we\u2019ve filed statements with law enforcement agencies in several countries for them to start criminal investigations. 
We also reported the detected zero-day to Microsoft, which in turn recently\u00a0<a href=\"https:\/\/technet.microsoft.com\/library\/security\/MS15-061\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">patched<\/a>\u00a0it (don\u2019t forget to install the Windows update).<\/p>\n<p>I just want to let everybody do their job and see the world change for the better.<\/p>\n<p>Wrapping up this announcement, I\u2019d like to share a very serious concern.<\/p>\n<p>Governments attacking IT security companies is simply outrageous. We\u2019re supposed to be on the same side as responsible nations, sharing the common goal of a safe and secure cyberworld. We share our knowledge to fight cybercrime and help investigations become more effective. There are many things we do together to make this cyberworld a better place. But now we see some members of this \u2018community\u2019 paying no respect to laws, professional ethics or common sense.<\/p>\n<p>To me, it\u2019s another clear signal we need globally accepted rules of the game to curb digital espionage and prevent cyberwarfare. If various murky groups \u2013 often government-linked \u2013 treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk. So I\u2019m\u00a0<a href=\"http:\/\/www.forbes.com\/sites\/eugenekaspersky\/2015\/05\/29\/the-internet-badly-needs-rules-and-regulations-2\/\" target=\"_blank\" rel=\"noopener nofollow\">once again<\/a>\u00a0calling on all responsible governments to come together and agree on such rules, and to fight\u00a0<em>against<\/em>\u00a0cybercrime and malware, not sponsor and promote it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019ve got some bad news and some good news. The bad news The bad news is that we discovered an advanced attack on our own internal networks. It was complex,<\/p>\n","protected":false},"author":13,"featured_media":4910,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[477,197,78,352,36],"class_list":{"0":"post-4909","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-apt","9":"tag-duqu","10":"tag-hackers","11":"tag-kaspersky-lab","12":"tag-malware-2"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/kaspersky-statement-duqu-attack\/4909\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/kaspersky-statement-duqu-attack\/3421\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/kaspersky-statement-duqu-attack\/5413\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/kaspersky-statement-duqu-attack\/5858\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/kaspersky-statement-duqu-attack\/5614\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/kaspersky-statement-duqu-attack\/6231\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/kaspersky-statement-duqu-attack\/6178\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/kaspersky-statement-duqu-attack\/8125\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/kaspersky-statement-duqu-attack\/8997\/"},{"hreflang":
"fr","url":"https:\/\/www.kaspersky.fr\/blog\/kaspersky-statement-duqu-attack\/4577\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/kaspersky-statement-duqu-attack\/5407\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/kaspersky-statement-duqu-attack\/5457\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/kaspersky-statement-duqu-attack\/7902\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/kaspersky-statement-duqu-attack\/8125\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/kaspersky-statement-duqu-attack\/8997\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/kaspersky-statement-duqu-attack\/8997\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4909","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4909"}],"version-history":[{"count":3,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4909\/revisions"}],"predecessor-version":[{"id":16003,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4909\/revisions\/16003"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4910"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}