Developers planted several false flags in the malware to give the appearance its origins were in Eastern Europe or China. But as the Kaspersky researchers delved further into the 100 modules that encompass the platform, they discovered it was an updated version of Duqu, the malware discovered in late 2011 with code directly derived from Stuxnet. Evidence later suggested Duqu was used to spy on Iran’s efforts to develop nuclear material and keep tabs on the country’s trade relationships. Duqu’s precise relation to Stuxnet remained a mystery when the group behind it went dark in 2012. Now, not only was it back with updated Stuxnet-derived malware that spied on Iran, it was also escalating its campaign with a brazen strike on Kaspersky.
Waking up in the wrong science fiction future.