Switzerland & Austria Investigate Claims of Electronic Spying at Iran Talks


Kaspersky says Iran talks spyware masqueraded under Foxconn name.

Prosecutors in Switzerland and Austria have launched investigations into allegations that a computer virus was used to spy on the recent high-level Iran nuclear talks. Swiss police revealed raids carried out last month, after a security company said the Duqu 2.0 spy virus appeared to have hit hotels that hosted diplomats at the nuclear negotiations. Prosecutors did not say which venues were targeted.

It comes shortly after a top Russia-based software security company, Kaspersky, said a spy virus dubbed Duqu 2.0 appeared to have compromised computer networks in at least three Swiss hotels that had been host to senior diplomats from Iran and the six major powers – the US, China, Russia, Britain, France and Germany – of the group known as the P5+1.

The office of the Swiss attorney general announced that police had last month raided unnamed locations in Geneva, where recent talks took place, and confiscated computer equipment and IT material.

The allegations have surfaced at a critical moment in the ongoing nuclear talks ahead of an end of June deadline for a comprehensive agreement.

An investigation was launched following those raids, federal Swiss prosecutors said, without mentioning which venues had been targeted. Swiss hotels that have hosted the negotiations in recent months include the Palais Wilson and Intercontinental in Geneva, the Beau Rivage in Lausanne and the Royal Plaza in Montreux.

“The aim of this raid was on one hand to gather evidence and to on the other verify if information systems had been infected by malware,” the Swiss attorney general’s office said, according to AFP.

Austria, which also hosted the Iranian nuclear negotiations, confirmed on Thursday it was investigating separately as well. Vienna’s Palais Coburg hotel has been a frequent venue for the ongoing talks. “The federal office for the protection of the constitution and counter-terrorism is aware of the information and is reviewing it,” said a Vienna-based government spokesman.

Although it is not clear who has carried out the recent cyberattacks, Duqu is related to Stuxnet, a computer worm which is believed to have been designed by Israel to sabotage Iran’s uranium enrichment programme. Stuxnet hit Iran’s nuclear facilities in 2010. Iranian authorities initially played down its impact but eventually admitted the malware had damaged the nuclear programme.

Israel, which stands firmly opposed to a comprehensive deal with Iran and the lifting of sanctions as a result, has denied any links to the recent attacks. “The international reports of Israeli involvement in the matter are baseless,” said Tzipi Hotovely, Israel’s deputy foreign minister. “What is much more important is that we prevent a bad agreement where at the end of the day we find ourselves with an Iranian nuclear umbrella.”

In March, in comments unusual for US administration officials, senior American officials cited by the Wall Street Journal accused Israel of spying on the nuclear talks and using the intelligence gathered to persuade sceptics in Congress to undermine the talks.

Reza Najafi, Iran’s ambassador to the Vienna-based UN nuclear agency, the IAEA, said the news about the cyberattack was not surprising to Iran.


“You know that there are enemies of these talks and they will do whatever they can, so it’s not a surprise to us,” he said in reaction to the news. “We continue to take precautionary measures not to let any details of the discussion go to the public.”

Kaspersky said in a statement published on its website that it believed the malware included “some unique and earlier unseen features” which made its creators feel confident no traces could be left. The carefully planned and sophisticated nature of the attacks led the security firm to believe that a nation state sponsored the campaign.

“Kaspersky Lab researchers discovered the company wasn’t the only target of this powerful threat actor. Other victims have been found in western countries, as well as in countries in the Middle East and Asia,” the statement read. “Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal. The threat actor behind Duqu appears to have launched attacks at the venues where the high-level talks took place.”

Symantec, a rival security company, has confirmed Kaspersky’s findings.

Iran and the west reached a tentative agreement on the framework of a comprehensive deal in April. Under its terms, restrictions will be placed on Iran’s enrichment of uranium so that it is unable to use the material in nuclear weapons.

In return, the US and EU will terminate all nuclear-related economic sanctions against Iran once the UN nuclear agency confirms that Iran has complied.

Guardian

 
