How did they manage to break into Kaspersky Lab?

The state-sponsored malware used to hack the Russian security firm Kaspersky Lab used a digital certificate stolen from one of the world's leading electronics manufacturers: Foxconn.

The Taiwanese company manufactures hardware for most of the largest technology companies, such as Apple, Dell, Google and Microsoft.

No one can say for sure why the attackers used digital certificates from Taiwanese companies, but they may have done so intentionally, trying to create the false impression that the attacks were being carried out by China, says Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab.

Digital certificates are something like passports that software developers use to sign and validate their code.
To hide malicious software behind a legitimate digital certificate, you must first steal the certificate by breaching the company that uses it.

The attack against Kaspersky Lab, with the malware called Duqu 2.0, is considered to have been carried out by the same hackers responsible for the previous Duqu attacks that were revealed in 2011.
Many people also believe that the same hackers played a major role in the spread of Stuxnet, a digital weapon used to attack Iran's nuclear program.

While Stuxnet was likely created jointly by US and Israeli groups, many researchers believe that Israel developed Duqu 1.0 and Duqu 2.0 on its own.

In all the attacks by Stuxnet, Duqu 1.0 and Duqu 2.0, the attackers used digital certificates from Taiwan-based companies.

Two digital certificates were used by Stuxnet. One was from RealTek Semiconductor and the other from JMicron. Both companies are located in Hsinchu Science and Industrial Park in Hsinchu City, Taiwan.
Duqu 1.0 used a digital certificate from C-Media Electronics, a digital audio manufacturing company located in Taipei, Taiwan.

The fourth digital certificate was stolen from Foxconn, which has its headquarters in Tucheng, New Taipei City, Taiwan, about 40 miles away from RealTek and JMicron.

The fact that the intruders seem to have used a different certificate in each attack shows that they have a fairly large stock of stolen certs. "Something that is definitely worrying," says Raiu.

iGuRu.gr: The Best Technology Site in Greece

Written by Dimitris
