Duqu 2.0
Computer malware
Duqu 2.0 is a version of malware reported in 2015 to have infected computers in hotels of Austria and Switzerland that were sites of the international negotiations with Iran over its nuclear program and economic sanctions.[1] The malware, which infected Kaspersky Lab for months without their knowledge,[2] is believed to be the work of Unit 8200, an Israeli Intelligence Corps unit of the Israel Defense Forces. The New York Times alleges this breach of Kaspersky in 2014 is what allowed Israel to notify the US of Russian hackers using Kaspersky software to retrieve sensitive data.[3]
Kaspersky discovered the malware, and Symantec confirmed those findings. The malware is a variant of Duqu, and Duqu is a variant of Stuxnet. The software is "linked to Israel", according to The Guardian.[4] The software used three zero-day exploits,[5] and would have required funding and organization consistent with a government intelligence agency.[6]
According to Kaspersky, "the philosophy and way of thinking of the “Duqu 2.0” group is a generation ahead of anything seen in the advanced persistent threats world."[7]
See also
References
- ^ "Iran nuclear talks: Israel denies bugging venues". BBC News. 11 June 2015. Retrieved 23 June 2017.
- ^ Hackers PWNED Kaspersky Lab servers for months -- Duqu 2.0 blamed on Israel By Richi Jennings, Computerworld | JUN 11, 2015
- ^ Perlroth, Nicole; Shane, Scott (2017-10-10). "How Israel Caught Russian Hackers Scouring the World for U.S. Secrets". The New York Times. ISSN 0362-4331. Retrieved 2019-12-13.
- ^ Gibbs, Samuel (11 June 2015). "Duqu 2.0: computer virus 'linked to Israel' found at Iran nuclear talks venue". The Guardian. Retrieved 23 June 2017.
- ^ Maynard, Peter; McLaughlin, Kieran; Sezer, Sakir (February 2016). "Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction". ICISSP: 465–472. doi:10.5220/0005745704650472. ISBN 978-989-758-167-0. S2CID 13469758. Retrieved 24 July 2017.
- ^ Leyden, John. "Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'". The Register. Retrieved 2015-06-16.
- ^ The Duqu 2.0 Targeted Attacks
- v
- t
- e
Hacking in the 2010s
| ← 2000s | Timeline | 2020s → |
| 2010 |
|
|---|---|
| 2011 | |
| 2012 | |
| 2013 | |
| 2014 | |
| 2015 | |
| 2016 |
|
| 2017 | |
| 2018 | |
| 2019 |
persistent threats
- Bangladesh Black Hat Hackers
- Bureau 121
- Charming Kitten
- Cozy Bear
- Dark Basin
- DarkMatter
- Elfin Team
- Equation Group
- Fancy Bear
- GOSSIPGIRL (confederation)
- Guccifer 2.0
- Hacking Team
- Helix Kitten
- Iranian Cyber Army
- Lazarus Group (BlueNorOff) (AndAriel)
- NSO Group
- Numbered Panda
- PLA Unit 61398
- PLA Unit 61486
- PLATINUM
- Pranknet
- Red Apollo
- Rocket Kitten
- Stealth Falcon
- Syrian Electronic Army
- Tailored Access Operations
- The Shadow Brokers
- Yemen Cyber Army
- George Hotz
- Guccifer
- Jeremy Hammond
- Junaid Hussain
- Kristoffer von Hassel
- Mustafa Al-Bassam
- MLT
- Ryan Ackroyd
- Sabu
- Topiary
- Track2
- The Jester
publicly disclosed
- Evercookie (2010)
- iSeeYou (2013)
- Heartbleed (2014)
- Shellshock (2014)
- POODLE (2014)
- Rootpipe (2014)
- Row hammer (2014)
- SS7 vulnerabilities (2014)
- JASBUG (2015)
- Stagefright (2015)
- DROWN (2016)
- Badlock (2016)
- Dirty COW (2016)
- Cloudbleed (2017)
- Broadcom Wi-Fi (2017)
- EternalBlue (2017)
- DoublePulsar (2017)
- Silent Bob is Silent (2017)
- KRACK (2017)
- ROCA vulnerability (2017)
- BlueBorne (2017)
- Meltdown (2018)
- Spectre (2018)
- EFAIL (2018)
- Exactis (2018)
- Speculative Store Bypass (2018)
- Lazy FP state restore (2018)
- TLBleed (2018)
- SigSpoof (2018)
- Foreshadow (2018)
- Dragonblood (2019)
- Microarchitectural Data Sampling (2019)
- BlueKeep (2019)
- Kr00k (2019)
| 2010 |
|
|---|---|
| 2011 | |
| 2012 | |
| 2013 | |
| 2014 |
|
| 2015 | |
| 2016 | |
| 2017 | |
| 2018 | |
| 2019 |
|
 | This computer security article is a stub. You can help Wikipedia by expanding it. |
- v
- t
- e
