Leading cyber security firm hacked

Kaspersky Lab, perhaps one of the most well-known cyber security research firms, admitted that their own network was hacked. Though none of their products (or their products source code), their database of malware or customer’s data were compromised in the hack, the firm still thinks there is some bad news here. They opened their own blog post about the hack with:

The bad news is that we discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.

The malware used in this hack has been called Duqu2 after a similar piece of malware that was discovered in 2011 and investigated by Kaspersky Lab in the same year. It used several Zero-day vulnerabilities, a type of attack that occurs on the same day a weakness is discovered, thus not giving developers time to patch it. Kaspersky claims that whomever committed this attack was looking to get information about the technology the lab produces, their ongoing investigations, and their detection methods and capabilities all in the hopes of being able to one day stay under Kaspersky’s radar. Kaspersky does, however, see a silver lining to all this:

We, in turn, will use this attack to improve our defensive technologies. New knowledge is always helpful, and better threat intelligence assists us in developing better protection. And of course, we’ve already added the detection of Duqu 2.0 to our products. So, in fact, there’s not really much bad news here at all

And though they open the blog post with the bold statement of claiming a nation is behind this hack, they remind the readers that they do not attribute attacks, and vow to remain apolitical, though decrying the attack as ‘outrageous’ and reminding people that governments and security firms are meant to be on the same side – the side of creating a more secure cyber world..