Duqu 2.0

Duqu 2.0 is a version of malware reported in 2015 to have infected computers in hotels of Austria and Switzerland that were sites of the international negotiations with Iran over its nuclear program and economic sanctions.^[1] The malware, which infected Kaspersky Lab for months without their knowledge,^[2] is believed to be the work of Unit 8200, an Israeli Intelligence Corps unit of the Israel Defense Forces. The New York Times alleges this breach of Kaspersky in 2014 is what allowed Israel to notify the US of Russian hackers using Kaspersky software to retrieve sensitive data.^[3]

zero-day exploits,^[5] and would have required funding and organization consistent with a government intelligence agency.^[6]

According to Kaspersky, "the philosophy and way of thinking of the “Duqu 2.0” group is a generation ahead of anything seen in the advanced persistent threats world."[7]

References

^ "Iran nuclear talks: Israel denies bugging venues". BBC News. 11 June 2015. Retrieved 23 June 2017.
^ Hackers PWNED Kaspersky Lab servers for months -- Duqu 2.0 blamed on Israel By Richi Jennings, Computerworld | JUN 11, 2015
ISSN 0362-4331
. Retrieved 2019-12-13.

^ Gibbs, Samuel (11 June 2015). "Duqu 2.0: computer virus 'linked to Israel' found at Iran nuclear talks venue". The Guardian. Retrieved 23 June 2017.

S2CID 13469758
. Retrieved 24 July 2017.

^ Leyden, John. "Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'". The Register. Retrieved 2015-06-16.

^ The Duqu 2.0 Targeted Attacks

v
t
e
Hacking in the 2010s
← 2000s
Timeline
2020s →
Major incidents
2010

Operation Aurora (publication of 2009 events)

Australian cyberattacks

Operation Olympic Games

Operation ShadowNet

Operation Payback

2011

Canadian government

DigiNotar

DNSChanger

HBGary Federal

Operation AntiSec

PlayStation network outage

RSA SecurID compromise

2012

LinkedIn hack

Stratfor email leak

Operation High Roller

2013

South Korea cyberattack

Snapchat hack

Cyberterrorism Attack of June 25

2013 Yahoo! data breach

Singapore cyberattacks

2014

Anthem medical data breach

Operation Tovar

2014 celebrity nude photo leak

2014 JPMorgan Chase data breach

2014 Sony Pictures hack

Russian hacker password theft

2014 Yahoo! data breach

2015

Office of Personnel Management data breach

Hacking Team

Ashley Madison data breach

VTech data breach

Ukrainian Power Grid Cyberattack

SWIFT banking hack

2016

Bangladesh Bank robbery

Hollywood Presbyterian Medical Center ransomware incident

Commission on Elections data breach

Democratic National Committee cyber attacks

Vietnam Airport Hacks

DCCC cyber attacks

Indian Bank data breaches

Surkov leaks

Dyn cyberattack

Russian interference in the 2016 U.S. elections

2016 Bitfinex hack

2017

SHAttered

2017 Macron e-mail leaks

WannaCry ransomware attack

Westminster data breach

Petya and NotPetya
2017 Ukraine ransomware attacks

Vault7 data breach

Equifax data breach

Deloitte breach

Disqus breach

2018

Trustico

Atlanta cyberattack

SingHealth data breach

2019

Sri Lanka cyberattack

Baltimore ransomware attack

Bulgarian revenue agency hack

WhatsApp snooping scandal

Jeff Bezos phone hacking incident

Hacktivism

Anonymous
associated events

CyberBerkut

GNAA

Goatse Security

Lizard Squad

LulzRaft

LulzSec

New World Hackers

NullCrew

OurMine

PayPal 14

RedHack

Teamp0ison

TDO

UGNazi

Ukrainian Cyber Alliance

Advanced
persistent threats

Bangladesh Black Hat Hackers

Bureau 121

Charming Kitten

Cozy Bear

Dark Basin

DarkMatter

Elfin Team

Equation Group

Fancy Bear

GOSSIPGIRL (confederation)

Guccifer 2.0

Hacking Team

Helix Kitten

Iranian Cyber Army

Lazarus Group (BlueNorOff) (AndAriel)

NSO Group

Numbered Panda

PLA Unit 61398

PLA Unit 61486

PLATINUM

Pranknet

Red Apollo

Rocket Kitten

Stealth Falcon

Syrian Electronic Army

Tailored Access Operations

The Shadow Brokers

Yemen Cyber Army

Individuals

George Hotz

Guccifer

Jeremy Hammond

Junaid Hussain

Kristoffer von Hassel

Mustafa Al-Bassam

MLT

Ryan Ackroyd

Sabu

Topiary

Track2

The Jester

Major vulnerabilities
publicly disclosed

Evercookie (2010)

iSeeYou (2013)

Heartbleed (2014)

Shellshock (2014)

POODLE (2014)

Rootpipe (2014)

Row hammer (2014)

SS7 vulnerabilities
(2014)

JASBUG (2015)

Stagefright (2015)

DROWN (2016)

Badlock (2016)

Dirty COW (2016)

Cloudbleed (2017)

Broadcom Wi-Fi (2017)

EternalBlue (2017)

DoublePulsar (2017)

Silent Bob is Silent (2017)

KRACK (2017)

ROCA vulnerability (2017)

BlueBorne (2017)

Meltdown (2018)

Spectre (2018)

EFAIL (2018)

Exactis (2018)

Speculative Store Bypass (2018)

Lazy FP state restore (2018)

TLBleed (2018)

SigSpoof (2018)

Foreshadow (2018)

Dragonblood (2019)

Microarchitectural Data Sampling (2019)

BlueKeep (2019)

Kr00k (2019)

Malware
2010

Bad Rabbit

Black Energy 2

SpyEye

Stuxnet

2011

Coreflood

Alureon

Duqu

Kelihos

Metulji botnet

Stars

2012

Carna

Dexter

FBI

Flame

Mahdi

Red October

Shamoon

2013

CryptoLocker

DarkSeoul

2014

Brambul

Black Energy 3

Carbanak

Careto

DarkHotel

Duqu 2.0

FinFisher

Gameover ZeuS

Regin

2015

Dridex

Hidden Tear

Rombertik

TeslaCrypt

2016

Hitler

Jigsaw

KeRanger

Necurs

MEMZ

Mirai

Pegasus

Petya and NotPetya

X-Agent

2017

BrickerBot

Kirk

LogicLocker

Rensenware

Triton

WannaCry

XafeCopy

2018

VPNFilter

2019

Grum

Joanap

NetTraveler

R2D2

Tinba

Titanium

ZeroAccess botnet

This computer security article is a stub. You can help Wikipedia by expanding it.
v
t
e

Retrieved from "https://en.wikipedia.org/w/index.php?title=Duqu_2.0&oldid=1206028368"

[1] "Iran nuclear talks: Israel denies bugging venues". BBC News. 11 June 2015. Retrieved 23 June 2017.

[2] Hackers PWNED Kaspersky Lab servers for months -- Duqu 2.0 blamed on Israel By Richi Jennings, Computerworld | JUN 11, 2015

[3] ISSN 0362-4331
. Retrieved 2019-12-13.

[4] Gibbs, Samuel (11 June 2015). "Duqu 2.0: computer virus 'linked to Israel' found at Iran nuclear talks venue". The Guardian. Retrieved 23 June 2017.

[5] S2CID 13469758
. Retrieved 24 July 2017.

[6] Leyden, John. "Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'". The Register. Retrieved 2015-06-16.

[7] The Duqu 2.0 Targeted Attacks

[1]

[2]

[3]

[5]

[6]

See also

References