Kaspersky Security Firm Admits it Was Hacked

kasperskyKaspersky, one of the largest cyber-security firms in the world confirmed that it had been hacked.

According to the company, the sophisticated attack stayed away from user information and focused instead on Kaspersky’s own systems and intellectual property. The company has since fixed the hole that allowed for the attack. Kaspersky Lab CEO and founder Eugene Kaspersky wrote, “We discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploded several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.”

What’s troubling is how many e-commerce business owners can see a company like Kaspersky get hacked and still blindly believe that hackers will somehow deem their company unfit or unworthy to hack. PCI compliant vulnerability scans are now required for any company that accepts credit cards. But some companies still only scan their sites quarterly instead of daily, fully aware that hundreds of new vulnerabilities are discovered each and every month.

Kaspersky dubbed this attack Duqu 2.0. It’s named after a specific series of malware called Duqu, which was considered to be related to the Stuxnet attack that targeted states like Iran, India, France, and the Ukraine in 2011.

The attackers behind Duqu 2.0 were hoping to infiltrate Kaspersky’s networks to learn more about its services, the blog post revealed. It added that the group behind Duqu 2.0 “also spied on several prominent targets.” The hackers, in their attempt to infiltrate Kaspersky, clued the company into the next generation spying technologies hackers are developing.  “They’ve now lost a very expensive technologically-advanced framework they’d been developing for years.”


Speak Your Mind