Beyond Stuxnet

Looks like someone, and I’m guessing it’s not the Anonymous script kiddies, is getting ready to open a serious can of cyberwarfare whoop ass on someone.

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, a research lab with strong international connections alerted us to a sample that appeared to be very similar to Stuxnet. They named the threat “Duqu” [dyü-kyü] because it creates files with the file name prefix “~DQ”. The research lab provided us with samples recovered from computer systems located in Europe, as well as a detailed report with their initial findings, including analysis comparing the threat to Stuxnet, which we were able to confirm. Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose.

Duqu is essentially the precursor to a future Stuxnet-like attack. The threat was written by the same authors (or those that have access to the Stuxnet source code) and appears to have been created since the last Stuxnet file was recovered. Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

Duqu does not contain any code related to industrial control systems and is primarily a remote access Trojan (RAT). The threat does not self-replicate. Our telemetry shows the threat was highly targeted toward a limited number of organizations for their specific assets. However, it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

See also:
Son of Stuxnet Found in the Wild on Systems in Europe
Duqu May Have Targeted Certificate Authorities for Encryption Keys
Stuxnet Clone ‘Duqu’: The Hydrogen Bomb of Cyberwarfare?
“Son of Stuxnet” Virus Uncovered
New virus a cyber ‘attack in the making’
Cyberattack forecast after spy virus found
Stuxnet successor on the loose?
Brace for “son of Stuxnet” — Duqu spies on SCADA
Duqu: Son of Stuxnet?
Symantec, McAfee differ on Duqu threat
Who’s behind worm Duqu, ‘son of Stuxnet’?
Stuxnet-based cyber espionage virus targets European firms
Key European Nuclear Firms Attacked By Variation On Stuxnet Virus

A couple of conclusions come to mind. First, the fact that Duqu is based on Stuxnet and the Stuxnet source code has never been released makes it a sure bet that the authors are one and the same, namely Israel and/or the United States. Second, the fact that Duqu is clandestinely collecting information from European manufacturers of industrial control system software, specifically software that controls nuclear facilities, strongly suggests that the eventual primary target of the apparent pending cyberattack will, once again, be Iran’s nuclear program.

/in other words, Duqu is setting up a cyberassault that will hopefully finish, once and for all, the job that Stuxnet so effectively started, halting Iran’s quest for a nuclear weapon in its tracks without having to bomb the [expletive deleted] out of their nuclear facilities.

Not So Astute

It’s a bad end to a bad week for the British military.

A beached wail from the world’s top submarine

The British Royal Navy faces a possible multimillion-dollar repair bill for damage to the world’s most advanced submarine, with stealth technology so sophisticated it can lie undetected for weeks off an enemy coast.

The sub, which is so new that it is not yet fully operational, has sonar with a range of 3000 nautical miles and carries more firepower than a squadron of 16 Tornado bombers.

But on Friday the £1.2 billion ($1.9 billion) HMS Astute nuclear submarine spent the day stuck on a shingle bank near the Isle of Skye off the west coast of Scotland in view of a curious public after it ran aground during a routine crew transfer. It was towed free by a tug that night but the incident is another blow for the Royal Navy, which suffered considerably last week with budget cuts to its aircraft carriers, warships, Harrier jump jets and the prospect of 5000 redundancies.

The navy insisted that there was no likelihood of a nuclear leak or any other environmental issue and no one was injured in the incident.

But the ship’s Commander, Andy Coles, will face questions and a possible court martial over why the ship ran aground.

See also:
Royal Navy chiefs left red-faced after brand new £1.2bn nuclear submarine is left high and dry off the coast of Scotland
Experts assess grounded submarine
Navy’s nuclear super-stealth submarine stuck off Skye for ten hours
High-tech sub runs aground in Scotland
HMS Astute – the navy’s £1.2billion nuclear vessel – runs aground
Sub shows too much to be stealthy
Navy not quite so astute after stranding
Red faces for Navy as stealth submarine left high and dry
Nuclear submarine HMS Astute is finally freed after running aground off Skye
Barrow submarine HMS Astute rescued
Grounded Nuclear Submarine Is Towed Free
Nuclear submarine freed after running aground off Isle of Skye
Grounded nuclear sub HMS Astute docked for tests
FACTBOX-Britain’s Astute class submarines
HMS Astute (S119)

Well, at least they got her back underway with no apparent damage and no loss of life.

/I’m guessing Commander Coles won’t be in command much longer.