Israel-linked spyware used stolen credentials of Chinese tech giant

Cyber security firm says hackers who targeted hotels hosting Iranian nuclear talks also likely breached system of electronics manufacturer

Tamar Pileggi is a breaking news editor at The Times of Israel.

German Foreign Minister Frank-Walter Steinmeier (R) leaves the Beau-Rivage Palace hotel during a break in Iran nuclear talks in Lausanne on March 29, 2015. (photo credit: AFP PHOTO / FABRICE COFFRINI)

A sophisticated computer virus discovered at hotels hosting high-level nuclear talks and reportedly linked to Israel appears to have also broken into Chinese electronics giant Foxconn.

According to the cyber security firm Kaspersky Lab, the Duqu 2.0 software used legitimate digital certificates stolen from the Taiwan-based electronics company to load and run the virus on the targeted computers undetected, Reuters reported on Monday.

Last week, the Moscow-based Kaspersky Lab first reported that three European hotels hosting the ongoing talks between P5+1 countries and Iran were attacked by intelligence-collection malware in the weeks leading up to the negotiations.

Since digital certificates are the basis of e-commerce and other automated transactions, attackers hijacking the signing certificate would likely have slipped under the radar of a massive company like Foxconn, which manufactures hardware for tech giants including Apple, Dell, Google and Microsoft.

Researchers at Kaspersky said the most recent breach was not the first time the hackers behind the sophisticated Duqu 2.0 malware have corrupted otherwise legitimate certificates to gain access to networks for intelligence gathering.

The cyber security firm noted that the Stuxnet malware — which reportedly was developed by the US and Israel to sabotage Iran’s nuclear program — similarly used a digital certificate from an Asian tech manufacturer to sabotage uranium enrichment at the Natanz facility in 2010.

Kaspersky warned that the Foxconn certificate breach weakens the use of digital certificates as a reliable mechanism for authenticating legitimate software.

In its initial report last week, the Russian firm did not offer any specific evidence of the allegations or identify Israel by name as being responsible for the virus. However, it did conclude the threat came from the same source as the original Duqu virus, and said it was likely carried out by a nation-state.

Duqu 2.0 allows the hacker to eavesdrop on conversations and steal electronic files, and could also enable the hacker to operate two-way microphones in hotel elevators, computers and alarm systems, the Wall Street Journal reported.

“The people behind Duqu are one of the most skilled and powerful [advanced persistent threat] groups and they did everything possible to try to stay under the radar,” said Costin Raiu, head of Kaspersky Global Research & Analysis Team, in a statement released by the company last week.

US intelligence agencies view Duqu infections as Israeli spy operations, former US officials said, according to the report.

Israeli officials declined to comment on the report; Israel has long denied spying on its allies.

The spying allegations coincide with deepening tensions in the US-Israeli relationship, much of it linked to Iran. The Obama administration has rejected much of the hawkish advice of its close Mideast ally in favor of what US officials say would be an accord that removes the threat of a nuclear-armed Iran.

Israel has aggressively lobbied against the emerging nuclear deal with Iran both internationally and within the United States.
