The Duqu 2.0 Targeted Attacks
Virus Type: Malware / Espionage Too Duqu 2.0 is a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities with infections linked to the P5+1 events and venues for high level meetings between world leaders. The attacks included some unique and earlier unseen features such as the code existing only in operative memory. It almost didn’t leave traces. The philosophy and way of thinking of the “Duqu 2.0” group is a generation ahead of anything seen in the advanced persistent threats world. Duqu 2.0 has been used to attack a complex range of targets at the highest levels with similarly varied geo-political interests. Victims have been found in Western countries, as well as in countries in the Middle East and Asia. The list of indicators of compromise is available on Securelist.com Procedures for protection from Duqu 2.0 have been added to the company’s products. Kaspersky Lab’s products detect this threat as HEUR:Trojan.Win32.Duqu2.gen. More details on the Duqu 2.0 malware and Indicators of Compromise can be found in the technical report. General guidance on mitigating APTs is available in the article “How to mitigate 85% of all targeted attacks using 4 simple strategies ”.VIRUS DEFINITION
What is Duqu 2.0?
Who are the victims of Duqu 2.0?
How do I know if I'm infected or not?
How can I protect myself against the Duqu 2.0 campaign?
