A complex targeted cyber-attack that collected private data from
countries such as Israel and Iran has been uncovered, researchers have said. Russian
security firm Kaspersky Labs told the BBC they believed the malware, known as
Flame, had been operating since August 2010. The company said it believed the
attack was state-sponsored, but could not be sure of its exact origins. They
described Flame as "one of the most complex threats ever discovered".
Research into the attack was carried out in conjunction with the UN's
International Telecommunication Union. They had been investigating another
malware threat, known as Wiper, which was reportedly deleting data on machines
in western Asia. In the past, targeted malware - such as Stuxnet - has targeted
nuclear infrastructure in Iran. Others like Duqu have sought to infiltrate
networks in order to steal data. This new threat appears not to cause physical
damage, but to collect huge amounts of sensitive information, said Kaspersky's
chief malware expert Vitaly Kamluk. "Once a system is infected, Flame
begins a complex set of operations, including sniffing the network traffic,
taking screenshots, recording audio conversations, intercepting the keyboard,
and so on," he said. More than 600 specific targets were hit, Mr Kamluk
said, ranging from individuals, businesses, academic institutions and government
systems. Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was
responsible for "recent incidents of mass data loss" in the country. The
malware code itself is 20MB in size - making it some 20 times larger than the
Stuxnet virus. The researchers said it could take several years to analyse.
No comments:
Post a Comment