How did they manage to break Kaspersky Lab?

The government malware used to break into the Russian security company Kaspersky Lab used a digital certificate that had been stolen from one of the world's top electronics manufacturers: Foxconn.

The Taiwanese company manufactures hardware for most of the largest technology companies, such as Apple, Dell, Google and Microsoft.

No one can say for sure why the attackers used digital certificates from Taiwanese companies, but they may have done so deliberately, trying to create a false impression that the attacks are being carried out from China, says Costin Raiu, director of Kaspersky Lab's Global Research and Analysis Team.

Digital certificates are like passports that software developers use to sign and validate their software.
To hide malicious software behind a legitimate digital certificate, you must first steal it by breaching the company that uses it.

The attack against Kaspersky Lab, with the malware called Duqu 2.0, is considered to have been carried out by the same hackers responsible for the previous Duqu attacks that were revealed in 2011.
Many also believe that the same hackers played a large role in the spread of Stuxnet, a digital weapon used to attack Iran's nuclear program.

While Stuxnet was likely created jointly by US and Israeli groups, many researchers believe that Israel developed Duqu 1.0 and Duqu 2.0 on its own.

In all the attacks by Stuxnet, Duqu 1.0 and Duqu 2.0, the attackers used digital certificates from Taiwan-based companies.

Two digital certificates were used by Stuxnet. One was from RealTek Semiconductor and the other from JMicron. Both companies are located in Hsinchu Science and Industrial Park in Hsinchu City, Taiwan.
Duqu 1.0 used a digital certificate from C-Media Electronics, a digital audio manufacturing company located in Taipei, Taiwan.

The fourth digital certificate was stolen from Foxconn, which has its headquarters in Tucheng, New Taipei City, Taiwan, and is about 40 miles away from RealTek and JMicron.

The fact that the intruders seem to have used a different certificate in each attack shows that they have a fairly large stock of stolen certs. "Something that is definitely worrying," says Raiu.


Written by Dimitris
