After much speculation, Stuxnet was recently revealed as having been developed in a joint operation between the US and Israel in order to slow Iran’s progress in enriching development by sabotaging their centrifuges. Flame is another cyber-attack against Iran, but with an aim to investigate the technology infrastructure they have in place rather than sabotage it, at least for the time being. As we know that Stuxnet was part of a larger cyber-warfare effort by the US and Israel against Iran known as Olympic Games, many have inferred that Flame is part of that same mission – but now we have a little evidence to help prove that claim.
Security researchers at Kaspersky have found a connection between the two attacks which show that they share code – which means that it is likely that either they are part of the same effort, or at least the developers of each cyber-warfare tool knew about the other and so may well share origins or objectives.
Vitaly Kamluk, the Kaspersky’s chief malware expert, said:
There is a link proven – it’s not just copycats…We think that these teams are different, two different teams working with each other, helping each other at different stages.
They have found a module known as “Resource 207” that was used in early versions of Stuxnet which has a striking similarity to a module in Flame which “includes the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming” according to Alexander Gostev, chief security expert at the Russian-based security company.
Flame appears to have been active since 2007 when the fake details being used by the tool began registering domain names to use with the malware attack – and so has likely been monitoring Iranian infrastructure since then in order to send back details of their locations and technical setup. It may well, in fact, be the tool that was first deployed against Iran as an intelligence and fact-finding mission, before Stuxnet was built as a cyber-weapon to attack the weaknesses that Flame had found. If this was the case, then the developers of Stuxnet may well have used the code from Flame that had got through the Iranian cyber-defences and leveraged the same vulnerabilities to employ the weapon of sabotage. If this is the case, then it is very likely that Stuxnet and Flame are both part of the US and Israeli joint Olympic Games mission against Iran.