Hackers used Stuxnet certificate to mislead investigators “




Hackers signed their own malware same Realtek certificate had been stolen by the creators of the Stuxnet malware. According to researchers at Kaspersky done this for researchers to deceive.

Kaspersky researchers who recently their research presented at the Virus Bulletin conference, saying at Motherboard that the use of the certificate is one of the most remarkable applications of a so-called false flag. That hackers attempt to disguise the origin of their seizures. The hackers in the present case belong to the so-called “TigerMilk’ group. This uses a common exploit for Microsoft Office to attack government institutions in Peru.

The malware itself was not remarkable, in contrast to the use of the driver Realtek-certificate. This is in fact already in 2010 revoked by VeriSign, to counteract the Stuxnet malware. Thus the researchers conclude that the only reason for the use of the certificate misleading security researchers and incident responders can be. Using the certificate they might be tempted to attribute the attacks to the group behind Stuxnet. It is not clear how the Tiger Milk hackers possess have come from the certificate.

In the report, the researchers consider the difficulty of assigning hacks to certain countries or groups, also expressed in the saying ‘attribution is hard’, or ‘assignment is difficult. ” At this time, happens that, for example, on the basis of IP addresses that have been used in an attack, or on the basis of code bits re-used and types of malware. According to researchers, thereby intercepting network traffic or pcaps , the most useful information. But this it is still not easy to identify the actual perpetrator.

Security and intelligence agencies are in the best position to identify an offender, because they have the most information. These services are limited in this role, because they can not publicly support their findings, the researchers said. Therefore, they should be able to designate an offender, but are not believed.

Recent hacks on the US Democratic Party have caused much speculation about the responsible party, with Russia becoming one of the main suspects emerged. Recently pointed to the US government this country officially to be responsible.


In: A Technology & Gadgets Asked By: [22628 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »