Malware found in hotels holding Iranian nuclear talks

Jun 15, 2015

Recent talks concerning the Iranian nuclear program appear to have hit a snag, but this time it wasn’t due to politics. Negotiations regarding the program were held in three European hotels in late May, all of which have now been identified as victims of a new cyber espionage tool known as Duqu 2.0.

The worm was detected by researchers at Kaspersky Labs after it had reportedly spent months making its way through the company’s system. According to the security firm, the malware is almost invisible and highly sophisticated, leading researchers to believe a nation-state was behind the attack.

“We can’t prove attribution because they’re going through proxy servers,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Labs. “There are technical attributions we can read from the code. This attack is a relative, it’s a new generation of the Duqu attack, most probably made by the same people, or they shared the source code with others.”

Kaspersky went on to describe the worm as being a “generation ahead of anything we’d [sic] seen earlier.” The malware utilizes a variety of different tactics to stay hidden and, once installed, exploits multiple zero-day vulnerabilities.

If the fact that hotels hosting Iranian nuclear negotiations were targeted wasn’t suspicious enough, the Duqu 2.0 worm is also directly connected to the infamous Stuxnet cyber weapon believed to have been responsible for damaging an Iranian nuclear facility. Stuxnet was also believed to be the work of nation-state actors. Many security experts have connected the Duqu 2.0 cyber espionage program found hiding in the hotels’ networks back to Israeli counterintelligence, but no country has yet been accused of perpetrating the attack.
