Duqu 2.0 is a version of malware reported in 2015 to have infected computers in hotels of Austria and Switzerland that were sites of the international negotiations with Iran over its nuclear program and economic sanctions.[1] The malware, which infected Kaspersky Lab for months without their knowledge,[2] is believed to be the work of Unit 8200, an Israeli Intelligence Corps unit of the Israel Defense Forces. The New York Times alleges this breach of Kaspersky in 2014 is what allowed Israel to notify the US of Russian hackers using Kaspersky software to retrieve sensitive data.[3]
Kaspersky discovered the malware, and Symantec confirmed those findings. The malware is a variant of Duqu, and Duqu is a variant of Stuxnet. The software is "linked to Israel", according to The Guardian.[4] The software used three zero-day exploits,[5] and would have required funding and organization consistent with a government intelligence agency.[6]
According to Kaspersky, "the philosophy and way of thinking of the “Duqu 2.0” group is a generation ahead of anything seen in the advanced persistent threats world."[7]