
Kaspersky Labs has recently come under attack from a highly sophisticated malware program, Duqu 2.0, which used a stolen Foxconn certificate to infiltrate the security firm. Foxconn is a Taiwanese firm that manufactures hardware for many major companies, including Apple, Dell, Microsoft and Google. The Foxconn certificate is the third one used to sign malware that has been linked to the same APT attackers.
![image via Kaspersky.com/press center](https://news.filehippo.com/wp-content/uploads/2015/06/Kaspersky.png)
[image via Kaspersky.com/press center]
“The fact that they have this ability and don’t reuse their certificates like other APT groups means they probably [used them only for targeted attacks],” said Costin Raiu, director of Kaspersky Lab’s Global Research and Analysis Team, “is certainly alarming.” It leaves one to wonder about the reliability of the entire digital certificate mechanism that companies like Microsoft and Apple rely on so heavily to establish the legitimacy of applications and drivers.
Raiu went on to say in a post by Kaspersky Labs, “The people behind Duqu are one of the most skilled and powerful APT groups and they did everything possible to try to stay under the radar. This highly sophisticated attack used up to three zero-day exploits, which is very impressive – the costs must have been very high. To stay hidden, the malware resides only in kernel memory, so anti-malware solutions might have problems detecting it. It also doesn’t directly connect to a command-and-control server to receive instructions. Instead, the attackers infect network gateways and firewalls by installing malicious drivers that proxy all traffic from the internal network to the attackers’ command and control servers.”
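The point behind the stolen certificate, as an added example that is not from the article or from Kaspersky: a signature made with a stolen vendor key is cryptographically valid, so a loader that only checks "chains to a trusted root and the bytes verify" accepts malware exactly as it accepts a legitimate driver. The Go program below builds a constructed demo PKI (placeholder names and serial number, not Foxconn's real certificate), signs a placeholder "driver" image with the vendor key the way an attacker holding a stolen key would, and shows that chain validation alone accepts it. The second check is the defender's policy layer: it pins which signer organization may sign a given driver name and honours a revocation list, which is what catches the abuse. The driver file names, organization strings and the `must` helper are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the constructed-PKI setup short; production code would return the error.
func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newDemoPKI builds a constructed root CA and one vendor code-signing cert (placeholder names/serial).
func newDemoPKI() (*x509.CertPool, *x509.Certificate, *ecdsa.PrivateKey) {
	notBefore, notAfter := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	must(err)
	caCert, err := x509.ParseCertificate(caDER)
	must(err)
	vendorKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	vendorTmpl := &x509.Certificate{SerialNumber: big.NewInt(4242),
		Subject:     pkix.Name{CommonName: "Demo Hardware Vendor", Organization: []string{"Demo Hardware Vendor Co."}},
		NotBefore:   notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	vendorDER, err := x509.CreateCertificate(rand.Reader, vendorTmpl, caCert, &vendorKey.PublicKey, caKey)
	must(err)
	vendorCert, err := x509.ParseCertificate(vendorDER)
	must(err)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, vendorCert, vendorKey
}

// SignBlob produces an ASN.1 ECDSA signature over SHA-256 of the file contents.
func SignBlob(key *ecdsa.PrivateKey, blob []byte) ([]byte, error) {
	h := sha256.Sum256(blob)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifySignatureOnly is the check a naive loader performs: signer chains to a trusted root with
// the code-signing EKU and the signature verifies. A stolen vendor key passes this unchanged.
func VerifySignatureOnly(roots *x509.CertPool, cert *x509.Certificate, blob, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	h := sha256.Sum256(blob)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("signature does not verify under the signer's key")
	}
	return nil
}

// Policy is what a defender pins on top of chain validation: allowed signer per driver, revoked serials.
type Policy struct {
	ExpectedOrg map[string]string // driver file name -> required signer Organization
	Revoked     map[string]bool   // signer serial (decimal) -> revoked
}

// VerifyWithPolicy rejects a chain-valid signature whose signer is revoked or not pinned for this driver.
func VerifyWithPolicy(p Policy, roots *x509.CertPool, driver string, cert *x509.Certificate, blob, sig []byte) error {
	if err := VerifySignatureOnly(roots, cert, blob, sig); err != nil {
		return err
	}
	if p.Revoked[cert.SerialNumber.String()] {
		return fmt.Errorf("signer serial %s is revoked", cert.SerialNumber)
	}
	want, pinned := p.ExpectedOrg[driver]
	if !pinned || len(cert.Subject.Organization) == 0 || cert.Subject.Organization[0] != want {
		return fmt.Errorf("%q: signer %v is not the pinned publisher", driver, cert.Subject.Organization)
	}
	return nil
}

// RunScenario signs a constructed rogue driver image with the vendor key, as an attacker holding a
// stolen key would, and reports what the bare check, the policy check, and revocation each decide.
func RunScenario() (acceptedBySignature, rejectedByPolicy, rejectedAfterRevocation bool) {
	roots, vendorCert, vendorKey := newDemoPKI()
	rogue := []byte("constructed rogue network-filter driver image") // placeholder bytes, not a driver
	sig, err := SignBlob(vendorKey, rogue)
	must(err)
	acceptedBySignature = VerifySignatureOnly(roots, vendorCert, rogue, sig) == nil
	policy := Policy{ExpectedOrg: map[string]string{"vendor_hid.sys": "Demo Hardware Vendor Co."}, Revoked: map[string]bool{}}
	rejectedByPolicy = VerifyWithPolicy(policy, roots, "netfilter_proxy.sys", vendorCert, rogue, sig) != nil
	policy.Revoked[vendorCert.SerialNumber.String()] = true // theft reported: revoke the serial
	rejectedAfterRevocation = VerifyWithPolicy(policy, roots, "vendor_hid.sys", vendorCert, rogue, sig) != nil
	return
}

func main() { fmt.Println(RunScenario()) }
```

Running it prints `true true true`: the rogue image passes the signature-only check, is refused once the expected publisher is pinned per driver name, and is refused for the pinned name too once the serial is revoked. The design point is that chain validation answers "did this key sign these bytes", not "should this key have signed this file"; the second question needs a policy the verifier owns, plus timely revocation, which is why a stolen but still-valid certificate undermines the mechanism the article describes.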
More details about Duqu 2.0 can be found in this technical report.