by eli 4024 days ago
"By targeting Kaspersky Lab, the Duqu attackers probably took a huge bet hoping they’d remain undiscovered; and lost."

That seems like a very nice spin on a successful attack that was eventually detected. How long were the attackers able to spy on their internal systems? Perhaps they didn't need ongoing access and simply wished to steal client files or documents.

2 comments

That was my first thought as well. One of the main takeaways from this is that Kaspersky Labs was probably compromised. Or at least there was an attempt. And the attacker is related to Stuxnet in some way. At least according to Kaspersky Lab.

> Kaspersky Labs was probably compromised

Relevant quote:

"Company officials were unable to provide Ars with an estimate of how many megabytes or gigabytes of data were extracted from their network, in part because the custom network connections Duqu used may have bypassed normal logging procedures. The company hasn't ruled out the possibility the attackers obtained Kaspersky Lab source code, but there are no signs they tried to compromise any of Kaspersky's 400 million users."

from http://arstechnica.com/security/2015/06/stepson-of-stuxnet-s...

"... or perhaps they don’t care much if they are discovered and exposed"

-- Kaspersky Labs

That's probably a big indication the attackers were making a withdrawal. If they were depositing something into production AV products, they would take super extra care to not be detected.