Swiss authorities have searched a house in Geneva and seized computer material in connection with a possible cyber attack on nuclear negotiations between Iran and major powers in the city.
Russian computer security company Kaspersky Lab said on Wednesday that a computer virus was used to hack into locations including three luxury hotels that have hosted negotiations between Iran and six world powers on curbs to its disputed nuclear programme – the United States, Russia, China, Britain, France and Germany, known as “P5+1″.
Austria is also investigating the case.
Criminal proceedings have been opened against unknown persons “on suspicion of political espionage”, it added in a statement, without elaborating.
In Vienna, an Interior Ministry spokesman said the Federal Office for the Protection of the Constitution and Counterterrorism was aware of the information about the suspected cyberattack and was reviewing it.
Kaspersky said it looked into the “cyber-intrusion” after detecting the ‘Duqu 2.0’ malware in its own systems in early spring this year, which it said was designed to spy on its technology, research, and internal processes.
“Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal,” the statement said.
The talks have been held in Geneva, Lausanne, Montreux, Munich and Vienna.
In February, the United States accused Israel of using selective leaks from the talks to distort the US position.
Israel has denounced the diplomatic opening to Iran, saying it doubts any agreement arising from the talks will sufficiently restrain the disputed nuclear programme of its arch-enemy.
Israeli officials said that Israel never spied on the United States, its closest ally.
The unidentified group behind the ‘Duqu’ malware, according to Kaspersky, was “one of the most skilled, mysterious and powerful threat actors in the APT (advanced persistent threat) world.”
Advanced persistent threats typically refer to sophisticated software created by state-backed cyberspies.
Kaspersky said ‘Duqu’ was previously used for an unspecified cyberattack in 2011 that bore similarities to Stuxnet, a computer “worm” that partially sabotaged Iran’s nuclear programme in 2009-2010 by destroying a thousand or more centrifuges that were enriching uranium.
Another ‘Duqu’ attack, Kaspersky said, was carried out “in relation to” the commemoration of the 70th anniversary in January this year of the liberation of the Auschwitz-Birkenau Nazi concentration camp in Poland. That ceremony was attended by the heads of state of Germany, France, Britain and other nations.