One of the leading anti-virus software providers has revealed that its own systems were recently compromised by hackers.
Kaspersky Lab said that it had detected the breach in the “early spring”, and described it as “one of the most sophisticated campaigns ever seen”.
The malware does not write any files to disk, but instead resides in affected computers’ memory, making it relatively hard to detect.
Kaspersky linked the attack to the unidentified creators of an earlier Trojan named Duqu, which made headlines in 2011 after being used in attacks on Iran, India, France and Ukraine.
As before, the hackers are said to have exploited Microsoft software to achieve their goal.
Last time they made use of a flaw in Word.
This time, Kaspersky said, the malware was spread using Microsoft Software Installer files, which are commonly used by IT staff to install programs on remote computers.
“This highly sophisticated attack used up to three zero-day [previously unknown] exploits, which is very impressive – the costs must have been very high,” commented Costin Raiu, director of Kaspersky Lab’s global research and analysis team.
He warned that the firm had evidence “Duqu 2.0” attacks had also been made on other targets, including several venues used for talks between Iran and the West about Iran’s nuclear programme.
The chief research officer of a rival computer security firm said he had had only a brief chance to look into the allegations, but added that it did appear to be a “big deal”.
“Duqu 2.0 seems to be the biggest [cybersecurity] news of the year so far – it’s major new malware from a major source,” said Mikko Hypponen, chief research officer at F-Secure.
“But we have previously seen security companies used as a way to reach other targets.
“The prime example of this was RSA, which got hacked four years ago, when we believe the target was a defence contractor in the US, which used RSA’s technology.”
Kaspersky said that it was “confident” that its clients and partners remained safe.