An evolved version of the notorious Duqu worm is targeting businesses, governments and individuals involved in international negotiations concerning Iran's nuclear programme.
Kaspersky Lab researchers reported uncovering Duqu 2.0 in a technical paper, after spotting that the worm had targeted the company's own systems.
"Earlier this year, during a security sweep, Kaspersky Lab detected a cyber intrusion affecting several of its internal systems," read the paper.
"Following this finding, we launched a large-scale investigation which led to the discovery of a new malware platform from one of the most skilled, mysterious and powerful groups in the APT world - Duqu.
"Our technical analysis indicates the new round of attacks includes an updated version of the infamous 2011 Duqu malware, sometimes referred to as the step-brother of Stuxnet."
Costin Raiu, director of Kaspersky Lab's Global Research & Analysis Team, said the malware is more dangerous than the original Duqu for a variety of reasons.
"The people behind Duqu are one of the most skilled and powerful APT groups and they did everything possible to try to stay under the radar," he said.
"This highly sophisticated attack used up to three zero-day exploits, which is very impressive, and the costs must have been very high. To stay hidden, the malware resides only in kernel memory, so anti-malware solutions might have problems detecting it.
"It also doesn't directly connect to a command and control server to receive instructions. Instead, the attackers infect network gateways and firewalls by installing malicious drivers that proxy all traffic from the internal network to the attackers' command and control servers."
Microsoft plugged one of the three vulnerabilities exploited by Duqu 2.0 earlier today as a part of the June Patch Tuesday update. The remaining two were reportedly patched "months ago".
Kaspersky chief executive and founder Eugene Kaspersky said the upgrades to Duqu 2.0 make it "almost invisible" as it "spreads through the network by pretending to be the network administrator and makes no registry changes" or "obvious indicators".
He added: "Duqu 2.0 is the Terminator or Robocop of malware" and was found only when "the hackers were stupid and attacked a security company".
Kaspersky explained that the hackers' exact reasons for targeting the firm remain unknown, but said it "could be because they wanted to be cool and scalp us". Kaspersky has already rolled out a detection tool for Duqu 2.0 to its customers.
The company said Duqu has infiltrated organisations and government entities across the globe, but "we still don't know how many victims around the world. We just saw a few of them".
Symantec has confirmed Kaspersky's findings, saying that it has detected similar infections.
"Among the organisations targeted were a European telecoms operator, a North African telecoms operator, and a South East Asian electronic equipment manufacturer," read Symantec's report.
"Infections were also found on computers located in the US, UK, Sweden, India and Hong Kong."
The Wall Street Journal reported finding evidence that Israeli hackers made the Duqu 2.0 malware.
However, Kaspersky questioned this. "We can't prove attribution as they're going through proxy servers. We do not have tools or licences to get behind those," he said.
But he added that the highly sophisticated nature of the attack indicates that it is state-sponsored, and that it must have cost at least $10m to develop and deploy.
State-sponsored cyber attacks are a growing concern facing businesses and security professionals.
Renowned cryptography expert Bruce Schneier cited the 2014 Sony breach as proof that businesses and governments are not prepared for the coming cyber war, during a keynote at Infosec Europe on 3 June.