Kaspersky, a high-profile company in the computer security business, has rather ironically, been hacked. In a blog post titled, “Kaspersky Lab investigates hacker attack on its own network,” the Russia-based outfit said it’d recently discovered an “advanced attack” on its own internal networks.
CEO Eugene Kaspersky described the breach as “complex [and] stealthy,” adding that it was “quite confident” a nation state was behind it. He declined to name any names. Kaspersky said the recently discovered malware exhibited similar characteristics to a Trojan named Duqu, which received widespread coverage in 2011 after being used in attacks against Iran, India, France, and Ukraine.
Related: Four million government personnel files lost in latest hack
Keen to reassure those who use its products and services, the security firm said that neither had been affected by the attack, “so our customers face no risks whatsoever due to the breach.” It added that no customer data had been taken by the hackers. Kaspersky said that although the company is still investigating the incident, he believes that “the prevalence of this attack is much wider and has included more top-ranking targets from various countries.”
So why exactly was Kaspersky Labs among those targeted by hackers? The company is adamant the cybercriminals were intent on finding out more about its latest technologies, among other things.
“The bad guys also wanted to find out about our ongoing investigations and learn about our detection methods and analysis capabilities,” Kaspersky said in his post. Of course, if a company in the business of computer security can’t make sense of a hack on its own systems, then what hope is there for the rest of us? Thankfully, Kaspersky Labs now appears to be on top of the situation, and is promising to use the incident to further improve its defensive technologies.
Addressing the fact that some may question why a company in the business of computer security would report an attack on its own systems, Kaspersky said it was simply the right thing to do, and that it could happen to anyone. As he wrote in his post: “There are just two types of companies – those that have been attacked and those that don’t know they’ve been attacked.”