At this point, it appears the attack is found only in organisations using Windows computers.  The same attack, however, can be configured to other operating systems. The attack appears to be a modification of the Stuxnet worm the US government used against the Iranian nuclear processing machinery. It is similar to the Duqu2 attack on Kaspersky that seemed to be state-sponsored

Kaspersky has identified the detail of the attack process and offers a (technical) way of detecting this particular attack, of which parts are indirectly revealed by Kaspersky's normal scan tools.


Notified in ITNews 14/2/17