Internet security firm Kaspersky calls ‘Flame’ bug the ‘most sophisticated cyber-weapon yet unleashed,’ hints it may have been created by makers of Stuxnet worm.
Internet security company Kaspersky Lab announced on Monday that it had uncovered a ‘cyber-espionage worm’ designed to collect and delete sensitive information, primarily in Middle Eastern countries.
Kaspersky called the malware, named “Flame,” the “most sophisticated cyber-weapon yet unleashed.” It said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
The company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.
On its blog, Kaspersky called Flame a “sophisticated attack toolkit,” adding that it was much more complex than Duqu, the vehicle used to deliver Stuxnet.
The Stuxnet bug, discovered in June 2010, targeted primarily Iranian computers. Iran admitted that the worm damaged centrifuges operating at a uranium enrichment facility at Natanz.
Kaspersky’s chief malware expert Vitaly Kamluk told the BBC that more than 600 specific targets had been hit by Flame, including computers owned by individuals, businesses, academic institutions and government systems.
Kamluk said he believed the malware had been operating at least since August 2010, and probably earlier, adding that there was “no doubt” that it was developed by a state actor.
Symantec, another Internet security firm, said on its blog that the bug’s code was on par with that of Stuxnet and Duqu, which it described as “arguably the two most complex pieces of malware we have analyzed to date.”
It also said that certain file names in Flame were identical to those described in a hacking incident in April involving the Iranian oil ministry.
According to the firm, the worm had been operating discreetly for at least two years and was likely written by “an organized, well-funded group of people working to a clear set of directives.”
Symantec said the virus had also been found in computers in Hungary, Austria, Russia, Hong Kong and the United Arab Emirates.
This new manifestation is apparently more powerful, and holds similar code to the virus that attacked Iranian oil terminals a month ago - it seems they all share a common source of sorts.
I’d say we all have our guesses as to who is behind it - Stuxnet origins considered, and bearing in mind it seems to have struck places across the entire Middle East, aside from Israel. Kaspersky’s assertion that it was “no doubt” developed by a state actor seems to support that.
You do have to wonder what would happen if the tables were turned around… it’d no doubt be all over headlines if it was an Iranian cyber-attack on Israel, or an Iranian cyber-attack on the USA - it would be decried as cyber-terrorism, if not an outright act of war.