Just saw the KasperskyES tweet and decided to ask something I had in my mind for a long time ...
I saw several informative videos related to Stuxnet, and it's particular way of attacking SCADA embedded systems. The drivers they used to attack the Windows systems at first instance were signed with JMicron and Realtek certificates. How do you think the attackers got into those? Did they previously attack those companies to get them, or...?
Also, when you discovered you got attacked by Duqu 2.0, how did Kaspersky react to that? And, how was the security breach discovered? (I read it was thanks to an alpha version of your Anti-APT solution, but wanted to know more about that).
Thanks for making this AMA, hope the team enjoys it, and also thanks for your incredible job!! :)
sergiocastell28 karma
Just saw the KasperskyES tweet and decided to ask something I had in my mind for a long time ...
I saw several informative videos related to Stuxnet, and it's particular way of attacking SCADA embedded systems. The drivers they used to attack the Windows systems at first instance were signed with JMicron and Realtek certificates. How do you think the attackers got into those? Did they previously attack those companies to get them, or...?
Also, when you discovered you got attacked by Duqu 2.0, how did Kaspersky react to that? And, how was the security breach discovered? (I read it was thanks to an alpha version of your Anti-APT solution, but wanted to know more about that). Thanks for making this AMA, hope the team enjoys it, and also thanks for your incredible job!! :)
View HistoryShare Link