Cybersecurity firm claims Israel-linked virus used for spying found at three hotels that hosted talks between world powers and Iran. A computer virus was used to hack into venues linked to international talks on Iran’s nuclear program, Russian computer security company Kaspersky Lab said on Wednesday. The Wall Street Journal said the virus was widely believed to be used by Israeli spies and Kaspersky had linked it to “three luxury European hotels” used in the negotiations involving Iran and six world powers.
Kaspersky said it looked into the “cyber-intrusion” after detecting the “Duqu 2.0” malware in its own systems in early spring this year, which it said was designed to spy on its technology, research, and internal processes. Other victims of Duqu had been found in Western countries, the Middle East and Asia, it said in an emailed statement. “Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal,” the statement said.
“P5+1” refers to the six world powers negotiating with Iran on curbs to its disputed nuclear program — the United States, Russia, China, Britain, France and Germany. The talks have been held in Geneva, Lausanne, Montreux, Munich and Vienna.
In February, the United States accused Israel of using selective leaks from the talks to distort the US position. Israel has denounced the diplomatic opening to Iran, saying it doubts any agreement arising from the talks will sufficiently restrain the disputed nuclear program of its arch-enemy. During various rounds of the talks, Israeli officials said they knew what was being discussed from various sources including intelligence gathering and information relayed by allies. The officials did not elaborate on the latter, but did assert that Israel never spied on the United States, its closest ally. The unidentified group behind the Duqu malware, according to Kaspersky, was “one of the most skilled, mysterious and powerful threat actors in the APT (advanced persistent threat) world”. Advanced persistent threats typically refer to sophisticated software created by state-backed cyberspies.
Kaspersky said Duqu was previously used for an unspecified cyberattack in 2011 that bore similarities to Stuxnet, a computer “worm” that partially sabotaged Iran’s nuclear program in 2009-2010 by destroying a thousand or more centrifuges that were enriching uranium. Another Duqu attack, Kaspersky said, was carried out “in relation to” the commemoration of the 70th anniversary in January this year of the liberation of the Auschwitz-Birkenau Nazi concentration camp in Poland. That ceremony was attended by the heads of state of Germany, France, Britain and other nations. The targets of the Duqu attacks in 2011 and more recently were not specified by Kaspersky.