Virus Type: Malware / Espionage Too
Duqu 2.0 is a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities with infections linked to the P5+1 events and venues for high level meetings between world leaders.
The attacks included some unique and earlier unseen features such as the code existing only in operative memory. It almost didn’t leave traces.
The philosophy and way of thinking of the “Duqu 2.0” group is a generation ahead of anything seen in the advanced persistent threats world.
Duqu 2.0 has been used to attack a complex range of targets at the highest levels with similarly varied geo-political interests. Victims have been found in Western countries, as well as in countries in the Middle East and Asia.
The list of indicators of compromise is available on Securelist.com
Procedures for protection from Duqu 2.0 have been added to the company’s products. Kaspersky Lab’s products detect this threat as HEUR:Trojan.Win32.Duqu2.gen.
More details on the Duqu 2.0 malware and Indicators of Compromise can be found in the technical report.
General guidance on mitigating APTs is available in the article “How to mitigate 85% of all targeted attacks using 4 simple strategies ”.