Information Security News mailing list archives

Cyber-Spying Flame Attackers Operated On 'Need To Know' Basis


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 18 Sep 2012 00:15:09 -0500 (CDT)

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240007486/cyber-spying-flame-attackers-operated-on-8216-need-to-know-8217-basis.html

By Kelly Jackson Higgins
Dark Reading
Sept 17, 2012

New research published separately today by Kaspersky Lab and Symantec, in conjunction with CERT-Bund/BSI and the International Telecommunications Union-IMPACT, shows that the sophisticated Flame cyberespionage campaign dates back to 2006 and confirms earlier suspicions of the existence of other related malware -- with three other related malware families out there, one of which is still in the wild.

Flame, which was first discovered by researchers this spring, is an information-stealing and spying tool that has been tied to Stuxnet, which sabotaged Iran's Natanz nuclear facility. It's basically a virtual, digitized spy tool that does what a human spy would do: recording phone calls, snapping photos, and siphoning information.

Researchers today confirmed their hypotheses that Flame just scratched the surface of the cyberespionage campaign most likely being conducted by a nation state. Published reports have pointed to the U.S. and Israel as playing a part in both Stuxnet and Flame, but neither Kaspersky Lab nor Symantec will comment on that.

Among the new findings about Flame is that it's not the newest version of malware used by the command-and-control server that was investigated by both Kaspersky and Symantec, and that the attackers took great pains to cover their tracks in order to evade detection. "They went to great lengths to hide things. Not only was the data stolen encrypted ... so no one could see it, but the fact that periodically everything on the server gets deleted, and the Wiper module would delete the malware off the client. Quite a bit of care was taken in covering their tracks," says Kevin Haley, director of Symantec Security Response. "That's indicative of a spy kind of thing."

[...]

