Spyware found at Iran nuclear talks locations

According to The Washington Post, a Russian cybersecurity firm reported that sophisticated spyware had infected computers at luxury hotels used for Israel's nuclear negotiations with Iran.

So far there is no information on whether the spyware led to a data breach, but Israel is believed to be responsible for the virus, which has impressed members of the cybersecurity sector with its complexity and its ability to remain nearly undetectable. It wasn't noticed until a routine test was conducted in early spring.

The virus included more than 100 modules that allowed hackers to control computers that had been infected and gave them access to compressed video feeds from hotel surveillance cameras, according to the International Business Times. Hackers were also able to identify who was connected to Wi-Fi networks and could listen to phone conversations, steal electronic files and control a handful of devices, such as two-way microphones and alarm systems. The virus was even capable of letting hackers figure out the hotel room numbers of certain attendees.

According to the Minneapolis Star-Tribune, the malware used three "zero day" vulnerabilities to gain access to the system. These vulnerabilities are flaws in Microsoft's operating system that have no defense in place. There are tools available on the black market that enable cyber-criminals to locate these vulnerabilities on a business's network.

Cybersecurity professionals also noted that the virus displayed similar markings to the Duqu malware, a remote-access Trojan virus that collects information that could be used to probe weaknesses in cybersecurity. Duqu was identified for the first time in 2011. It is also believed to be related to the Stuxnet computer worm that breached Iran's uranium-enrichment sites in 2010.

Back then, Iran blamed Israel and the United States, according to The Washington Post. However, Internet security experts have collectively credited Duqu's development to Israel, which is why the suspicion for this latest spyware has been placed on that country.

Why suspect Israel
It is believed that Israel supported the cyberattack because it disagrees with a nuclear deal that the U.S., Iran, Russia and several other European countries are working on. The deal was announced after two years of negotiations.

Specialists feel that all clues point to Israel because the spyware couldn't have been created unless the developer had at least $10 million, which rules out any amateur suspects, and access to the original Duqu malware. It was said that those responsible for the cyberattack weren't interested in corporate or financial information, but instead focused their efforts on probing new security software for detecting viruses. The virus wasn't detected until it had already been in place for months.

The specific hotels that had their systems breached by the spyware haven't been identified, but it is common knowledge that most of the talks concerning the nuclear bill occurred in Austria and Switzerland.  

These cyberattacks reveal that there are potential weak points in the cyber defense systems of businesses, and that businesses should look to assure customers that their systems are secure and that their information and data will be protected.

