
MiniDuke malware infiltrated UK networks, confirms Kaspersky

28 Feb 2013

The MiniDuke cyber spying tool managed to infect UK networks, according to new information from Kaspersky Labs.

Kaspersky Labs chief security expert Aleks Gostev told V3 that the UK was on the malware's laundry list of victims.

"More than 23 countries are affected and the UK is one of them. We shared all the information we have with national CERTs so that they could continue their own investigations," Gostev told V3.

However, as the UK has no CERT team as yet it is unclear which authority was contacted about the attack. V3 has asked for more information.

MiniDuke is a cyber-espionage tool discovered by Kaspersky and CrySyS Lab that targets government and critical infrastructure systems using malicious PDF documents.

"The attackers would have sent PDF files via email with subject headings including 'human rights seminar' or 'membership plans' which the users would be tempted to open. These files were the carriers of the malware which would then take over the machine," explained Gostev.

The security chief said that the attack has several atypical features that indicate it may have been made by a veteran team of hackers.

"MiniDuke is a unique and very strange attack. The many different targets hit in separate countries, together with the high profile appearance of the decoy documents and the weird backdoor functionality indicate an unusual threat actor," said Gostev.

"The backdoor is written in 'old school' assembly code and is tiny by current malware standards - only 20KB in size. This is most unusual for modern malware, which can be several megabytes in size."

MiniDuke is one of many espionage tools discovered by Kaspersky, which over the last year has helped unearth the hyper-sophisticated Flame and Red October campaigns.

Red October was a global cyber campaign caught targeting numerous European government institutions in January 2013. It is believed to have been created by a criminal group.

Flame was unearthed targeting Iranian government networks midway through 2012. The malware is believed to be state made, possibly by the US and Israel.

Gostev said that while MiniDuke is sophisticated it is not currently believed to be linked to either of these campaigns.

"Some of the elements remind us of cyber-espionage tools such as Duqu or Red October, such as the minimalistic approach, hacked servers, encrypted channels and also the typology of the victims," said Gostev.

"The amount of high profile victims in this attack is also notable and puts it on the same level with other advanced campaigns such as Red October.

"However, it is not related to any known platforms used in cyber-espionage campaigns such as the 'Tilded' platform in the case of Stuxnet and Duqu, or the Flame platform."

The attack is just the latest to be uncovered after a raft of attacks on western organisations that are believed to have emanated from China.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
