Kaspersky blames Flame malware attack on state sponsor

28 May 2012
Flame code uncovered by Kaspersky

Security firm Kaspersky has said it is convinced the massive Flame malware attack infecting major IT systems in Iran and other nations in the Middle East was a state-sponsored attack.

The attack was revealed by the Iranian Computer Emergency Response Team (Maher) at the same time as Kaspersky revealed its investigation into the malware, which follows on from similar high-profile attacks codenamed Stuxnet and Duqu.

The malware is highly sophisticated and able to carry out several functions, including network monitoring, disk scanning, screen capturing, recording sound from in-built microphones and infiltrating various Windows systems.

Writing in a blog post, Kaspersky researcher Alexander Gostev said it seemed highly unlikely such a sophisticated piece of malware could have been built by any group other than one with backing from a nation state.

"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group," he said.

"In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it."

He said it was likely the perpetrators had no single source of information they were looking to gather, and that the malware was instead built for "general cyber-espionage purposes".

"It looks like the creators of Flame are simply looking for any kind of intelligence - emails, documents, messages, discussions inside sensitive locations, pretty much everything."

However, he said there was no clear indication which nation could be behind the attack. The firm also provided information on those nations that had been affected, including Iran, but also Israel and Palestine, Sudan, Syria and Saudi Arabia (pictured below).

Flame attack regions affected in the Middle East courtesy of Kaspersky Labs

Symantec also said that it was analysing the malware and that it was clear it would have had the backing of major sponsors. Other nations that appear to have been targeted are Russia and Hong Kong.

Kaspersky's Gostev also revealed that the malware is some 20MB in size, which makes it difficult to analyse, and is considerably more advanced than the previous attacks monitored in the region.

"Flame is a sophisticated attack toolkit. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master," he explained.

Dan Worth

Dan Worth is the news editor for V3 having first joined the site as a reporter in November 2009. He specialises in a raft of areas including fixed and mobile telecoms, data protection, social media and government IT. Before joining V3 Dan covered communications technology, data handling and resilience in the emergency services sector on the BAPCO Journal
