Duqu 2.0 Attacks with Stolen Digital Certificate of Foxconn

Wired.com reported on 15th June, 2015 stating that the nation-state malware Duqu 2.0 used a digital certificate which was stolen from Foxconn, one of the world's top electronics manufacturers, to hack Kaspersky Lab, a Russian security firm, along with hotels associated with Iranian nuclear negotiations.

The Taiwanese firm (referring to Foxconn) manufactures hardware for majority of tech players including Dell, Apple, Microsoft and Google who manufactures brands like iPads, iPhones and PlayStation 4s. Taiwanese companies have been productive for this hacking group who many believe to be Israeli: This is at least fourth time that this hacking group used a digital certificate taken from a Taiwan based organization to get their malware installed successfully into systems.

It is fact that the attackers seem to have used different certificate with each attack instead of using the same certificate in various attack campaigns which suggests that they have huge stock of stolen certificates. Wired.com published news on 15th June, 2015 quoting Costin Raiu, Director of Global Research and Analysis Team of Kaspersky as saying "This fact is certainly alarming."

The news follows recent revelation by Kaspersky that Duqu 2.0 remained undetected on its servers for months and then used three Windows zero-days to attack US and other powers of world while negotiating with Iran. Duqu 2.0 exists exclusively in the memory of the computer with nil data written to disk. The malware is seen as a development of the earlier Duqu worm which is a toolkit of a cyber-espionage found in 2011 and linked to the infamous Stuxnet worm.

SCMagazineUK.com reported on 15th June quoting Vicente Diaz, Principal Security Researcher of Kaspersky Lab, as saying "It is not that easy to steal a valid certificate but Duqu group was able to do that. Maybe they have stolen digital certificates which were ready to be used for any attack and would upset the trust chain required for activating the encryption setup because we trust these certification authorities. However, if we cannot trust these, then the whole mechanism for encryption depending on certification authorities becomes at stake which is one of the pillars of Internet."

» SPAMfighter News - 6/23/2015