How Top Cyber Security Firm Kaspersky Labs Fell Victim to Hackers

— -- It's one of the last groups one would expect to be hacked, but Kaspersky Labs, a top cyber security firm, said it was the victim of a sophisticated attack on its internal servers.

"The bad news is that we discovered an advanced attack on our own internal networks," CEO Eugene Kaspersky wrote in a blog post on Wednesday. "It was complex, stealthy, it exploited several zero-day vulnerabilities, and we're quite confident that there's a nation state behind it."

The company, headquartered in Moscow, is calling the attack Duqu 2.0 because it believes the group behind the latest cyber intrusion is the same one behind a 2011 worm designed to steal private information. Kaspersky said it believes the perpetrators are a "nation-state" but did not name names.

Customer data wasn't compromised and no information was taken, according to Kaspersky. However, it is believed the goal of the attackers was to learn about Kaspersky's technologies, including the company's detection methods and analysis capabilities.

"The bad guys also wanted to find out about our ongoing investigations and learn about our detection methods and analysis capabilities," Kaspersky wrote. "Since we're well known for successfully fighting sophisticated threats they sought this information to try stay under our radar. No chance."

Kaspersky said the attack was first detected using an alpha version of the company's anti-APT (advanced persistent threat) software, which is adept at uncovering even the most targeted and clandestine attacks.

"Attacking us was hardly the smart move: They've now lost a very expensive technologically advanced framework they'd been developing for years," Kaspersky wrote.

"It’s another clear signal we need globally-accepted rules of the game to curb digital espionage and prevent cyberwarfare," he said. "If various murky groups -- often government-linked -- treat the Internet as a Wild West with no rules and run amok with impunity, it will put the sustainable global progress of information technologies at serious risk."