You are here

Cyberattack targeted Iran nuclear talks venues — Kaspersky Lab

By Reuters - Jun 10,2015 - Last updated at Jun 10,2015

Iran's Ambassador to the International Atomic Energy Agency Reza Najafi waits for the start of a board of governors meeting at the IAEA headquarters in Vienna, Austria, on Wednesday (Reuters photo)

GENEVA/BERLIN — A computer virus was used to hack into venues linked to international talks on Iran's nuclear programme, Russian computer security company Kaspersky Lab said on Wednesday.

The Wall Street Journal said the virus was widely believed to be used by Israeli spies and Kaspersky had linked it to "three luxury European hotels" used in the negotiations involving Iran and six world powers.

Other victims of Duqu had been found in Western countries, the Middle East and Asia, it said in an emailed statement.

"Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal," the statement said.

"P5+1" refers to the six world powers negotiating with Iran on curbs to its disputed nuclear programme — the United States, Russia, China, Britain, France and Germany. The talks have been held in Geneva, Lausanne, Montreux, Munich and Vienna.

In February, the United States accused Israel of using selective leaks from the talks to distort the US position.

Israel has denounced the diplomatic opening to Iran, saying it doubts any agreement arising from the talks will sufficiently restrain the nuclear programme of its arch-enemy.

The West suspects Iran wants to develop a nuclear weapons capability from its enrichment of uranium. Iran says it wants nuclear energy only for electricity and medical isotopes.

During various rounds of the talks, Israeli officials said they knew what was being discussed from various sources including intelligence gathering and information relayed by allies.

The officials did not elaborate on the latter, but asserted that Israel never spied on the United States, its closest ally.

Another Duqu 2.0 attack, Kaspersky said, was carried out "in relation to" the commemoration of the 70th anniversary in January this year of the liberation of the Auschwitz-Birkenau Nazi concentration camp in Poland.

That ceremony was attended by the heads of state of Germany, France, Britain and other nations.

Duqu similar to Stuxnet ‘worm’

Kaspersky said Duqu 2.0 had evolved from an earlier family of malware called Duqu uncovered in 2011 that had been deployed against unidentified targets for years before it was discovered.

Symantec, a US software and cybercurity firm, has said that earlier versions of Duqu bore similarities to Stuxnet, a computer "worm" that partially sabotaged Iran's nuclear programme in 2009-2010 by destroying a thousand or more centrifuges that were enriching uranium. Kaspersky said it does not have enough data to draw a link between Stuxnet and Duqu.

"Kaspersky Lab believes this is a nation state-sponsored campaign," it said, adding that as a security researcher it focuses on uncovering the technical details of malware but seeks to steer clear of drawing political conclusions.

The Moscow-based company, a supplier of anti-virus software and other security tools, said it discovered the advanced malware earlier in the spring as a result of attacks it had seen on a number of organisations, including Kaspersky itself. It said it is confident its products are secure against the attack.

At a news conference in London held to discuss its findings, Eugene Kaspersky, chief executive of the company that bears his name, said malicious software designed by cyberspies often finds its way into the hands of cybercriminals, and thereby poses a far wider threat in a world that now relies on the Internet.

"Cybercriminals are copying the technologies from the state-sponsored attacks. They educate the bad guys," Kaspersky said.

His company found that Duqu 2.0 was designed to spy on its technology, research and internal processes. As a top research firm that shares its findings with the rest of the security industry, knowing what Kaspersky knew would allow cyberspies to craft fresh attacks to evade detection for new campaigns.

The security research firm said Duqu 2.0 was spread via Microsoft Software Installer files, which are commonly used by technical administrators to install and update software on Windows computers within an organisation. The attack had some unique and never before seen features and left almost no traces.

 

Microsoft was not immediately available for comment.

up
76 users have voted, including you.


Newsletter

Get top stories and blog posts emailed to you each day.

PDF