The state-sponsored malware used to hack the Russian security firm Kaspersky Lab used a digital certificate stolen from one of the world's leading electronics manufacturers: Foxconn.
The Taiwanese company manufactures hardware for many of the largest technology companies, including Apple, Dell, Google and Microsoft.
No one can say for sure why the attackers used digital certificates from Taiwanese companies, but they may have done so deliberately, trying to create the false impression that the attacks were being carried out by China, says Costin Raiu, director of the Global Research and Analysis Team at Kaspersky Lab.
Digital certificates are something like passports: software developers use them to sign their code so that others can validate it.
To hide malicious software behind a legitimate digital certificate, an attacker must first steal it by breaching the company that owns it.
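The consequence for anyone verifying signed code, shown as an added example in Go (not code from the article or from Kaspersky Lab): a self-signed stand-in for a vendor's code-signing certificate signs a constructed payload, the signature and the chain to a trusted root both pass, because a thief holds the same private key the vendor does, and only a revocation list keyed on the certificate's serial number changes the verdict. The vendor name, serial number and payload are made-up values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// Constructed self-signed stand-in for a hardware vendor's code-signing certificate (made-up subject and serial).
func makeVendorCert() (*x509.Certificate, *rsa.PrivateKey) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(424242),
		Subject:      pkix.Name{CommonName: "Example Hardware Vendor (constructed)"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// verdict: "invalid" (bad signature or no chain to a trusted root), "revoked" (both pass, but the serial is on the stolen list), else "trusted".
func verdict(cert *x509.Certificate, roots *x509.CertPool, revoked map[string]bool, binary, sig []byte) string {
	h := sha256.Sum256(binary)
	_, chainErr := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}})
	if chainErr != nil || rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, h[:], sig) != nil {
		return "invalid"
	}
	if revoked[cert.SerialNumber.String()] { // the only check a stolen-but-valid certificate fails
		return "revoked"
	}
	return "trusted"
}
// demo signs a constructed payload with the vendor key (a thief holding the same key produces the same signature) and returns the verdict before and after the serial is blocklisted.
func demo() (before, after string) {
	cert, key := makeVendorCert()
	roots := x509.NewCertPool()
	roots.AddCert(cert) // the verifying system trusts the vendor's certificate
	payload := []byte("constructed binary contents")
	h := sha256.Sum256(payload)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return verdict(cert, roots, nil, payload, sig), verdict(cert, roots, map[string]bool{cert.SerialNumber.String(): true}, payload, sig)
}
func main() { fmt.Println(demo()) } // prints: trusted revoked
```

Nothing in the cryptography distinguishes the vendor's build from the thief's, so timely revocation data and a blocklist of known-stolen signers are what a verifier needs beyond signature validity.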
The attack against Kaspersky Lab, using malware dubbed Duqu 2.0, is believed to have been carried out by the same hackers responsible for the earlier Duqu attacks revealed in 2011.
Many also believe that the same hackers played a major role in the spread of Stuxnet, a digital weapon used to attack Iran's nuclear program.
While Stuxnet was most likely created jointly by US and Israeli teams, many researchers believe that Israel developed Duqu 1.0 and Duqu 2.0 on its own.
In all three attacks, Stuxnet, Duqu 1.0 and Duqu 2.0, the attackers used digital certificates from Taiwan-based companies.
Stuxnet used two digital certificates: one from RealTek Semiconductor and the other from JMicron. Both companies are located in the Hsinchu Science and Industrial Park in Hsinchu City, Taiwan.
Duqu 1.0 used a digital certificate from C-Media Electronics, a digital audio hardware manufacturer based in Taipei, Taiwan.
The fourth digital certificate was stolen from Foxconn, which is headquartered in Tucheng, New Taipei City, Taiwan, about 40 miles from RealTek and JMicron.
The fact that the intruders appear to have used a different certificate in each attack suggests that they hold a fairly large stock of stolen certificates. "Something that is definitely worrying," says Raiu.