Security firm Kaspersky has said it is convinced the massive Flame malware attack infecting major IT systems in Iran and other nations in the Middle East was a state-sponsored attack.
The attack was revealed by the Iranian Computer Emergency Response Team (Maher) at the same time as Kaspersky revealed its investigation into the malware, which follows on from similar high-profile attacks codenamed Stuxnet and Duqu.
The malware is highly sophisticated and able to carry out several functions, including network monitoring, disk scanning, screen capturing, recording sound from in-built microphones and infiltrating various Windows systems.
Writing in a blog post, Kaspersky researcher Alexander Gostev said it seemed highly unlikely such a sophisticated piece of malware could have been created by any group other than one with backing from a nation state.
"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group," he said.
"In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."
He said it was likely the perpetrators had no single source of information they were looking to gather, and that the malware was instead built for "general cyber-espionage purposes".
"It looks like the creators of Flame are simply looking for any kind of intelligence - emails, documents, messages, discussions inside sensitive locations, pretty much everything."
However, he said there was no clear indication of which nation could be behind the attack. The firm also provided information on those nations that had been affected, including Iran, but also Israel and Palestine, Sudan, Syria and Saudi Arabia (pictured below).
Symantec also said that it was analysing the malware and that it was clear it would have had the backing of major sponsors. Other nations that appear to have been targeted are Russia and Hong Kong.
Kaspersky's Gostev also revealed that the malware is some 20MB in size, which makes it difficult to analyse, and is considerably more advanced than the previous attacks monitored in the region.
"Flame is a sophisticated attack toolkit. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master," he explained.