Breaking News Emails
A computer virus was used to hack into computers in European hotels that were hosting talks last year on Iran's nuclear program, according to a report released Wednesday from Kaspersky Lab ZAO.
The Moscow-based cybersecurity firm identified the offending malware as "Duqu 2.0" and described it as the "step-brother of Stuxnet" — a virus that was used to sabotage Iranian nuclear centrifuges in 2009. According to classified documents leaked by Edward Snowden, Stuxnet was developed by the United States and Israel. Duqu 2.0 is a more advanced version of a virus called Duqu discovered in 2011, the Kaspersky report said.
Kaspersky discovered Duqu 2.0 on its own internal systems last year. It determined that the virus was used to target three European hotels that were hosting diplomatic efforts between the five permanent members of the U.N. Security Council plus Germany, otherwise known as P5+1, and Iran over the latter's nuclear program.
"Most of the final targets appear to be similar to their 2011 goals — which is to spy on Iran’s nuclear program," the report said.
Kaspersky said the attack originated in one of its satellite offices in Asia. While details are unclear, the company said it suspects that "spear-phishing e-mails played an important role" — meaning an employee clicked on a malicious link or attachment from an email that appeared to be from a trusted source.
The Wall Street Journal, which originally reported the story, cited "current and former U.S. officials and many cybersecurity experts" as saying they believed Duqu "was designed to carry out Israel’s most sensitive intelligence-collection operations."
Kaspersky did not name Israel as the nation behind Duqu 2.0. Asked about the Kaspersky report, a spokesman for the CIA told NBC News that the agency had "nothing for you on this."
"This is definitely not the work of some amateurs," Vikram Thakur, senior manager at Symantec Security Response, told NBC News.
"We do believe that this is the handiwork of some nation-state," he said. "Whether it's country A or B, that's not something that we can comment on, because honestly we don't know."
What seems clear, Thakur said, is that Duqu 2.0 is very advanced and was written by the same people who created the first Duqu.
Adam Segal, cybersecurity expert for the Council on Foreign Relations, was not surprised by the report.
"We have seen malware targeting every large international forum," Segal told NBC News. "I think it's already common and will continue to be common."