Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities


Missed It By That Much

Oops.

Unmanned capsule misses space station

An unmanned Russian cargo ship sailed past the International Space Station instead of docking on autopilot, as engineers on Earth struggle to determine what went wrong.

A telemetry lock between the Russian-made Progress module and the space station was lost and the module flew past at a safe distance. NASA said the crew was never in danger and that the supplies are not critical and will not affect station operations.

NASA said that it will not attempt another docking today. Russian flight controllers don’t know yet what caused the failure in the unmanned module’s automated docking system.

The robotic cargo ship Progress 38 was slated to dock at the space station at 12:58 p.m. ET (1658 GMT) but lost its navigational lock on the orbiting lab about 25 minutes before the rendezvous.

“The Progress literally flew past the station, but at a safe distance from the outpost,” NASA commentator Rob Navias said. “The station crew reported seeing the Progress drift beyond their view, as they worked to reestablish telemetry with the spacecraft.”

The Progress 38 spacecraft flew by the space station at a distance of several kilometers (a couple miles) away, posing no threat of impact. But because of its orbit, there may not be a second chance to dock the spacecraft by remote control today, Navias said.

Known in Russia as Progress M-06M, the new Progress 38 spacecraft is packed with nearly 2.5 tons of fresh food, clothes, equipment and other supplies for the space station’s six-person crew. It launched Wednesday from Baikonur Cosmodrome in Kazakhstan.

See also:
Russian cargo ship ‘under control’ official says
Russian ship zips by International Space Station after failing to dock
Resupply vessel fails to dock with space station
Russian cargo ship fails to dock with ISS
Cargo ship misses space station docking
Robotic cargo spacecraft misses rendezvous with ISS
Unmanned cargo spacecraft misses tryst with ISS
Supply spacecraft misses space station
June 30, Soyuz-U – Progress M-06M (38P)
Progress M-06M

I’m sure they’ll get this errant Progress under control and docked with the ISS. However, it’s worth noting that, after the last two Space Shuttles stop flying, there’s no plan B anymore; it’s the Russian spacecraft or nothing.

/of course, we had a follow-on to the Space Shuttle, but Obama canceled it