I’m not an expert in attribution or in cyber war, but in light of the recent Sony hack and its “attribution” to North Korea, I did a little research. The article below is a summary of what I found, along with a few thoughts.
Information about the Flame virus was published in the last few days of May 2012. This discovery was made two years after Stuxnet (June 2010) and less than a year after Duqu (Sept. 2011). Although those three viruses have different objectives, they have in common their complexity and the fact that they were probably developed by people with “unlimited” resources. So where are we now? Is this cyberwar, or is this the natural evolution of cyber criminals?
What is Flame? How does it work?
Easy question, but difficult answer! In short, Flame is a little bit of everything. The best way to describe it is to use the term “attack toolkit”. It’s a toolkit because its modular approach allows it to become a backdoor or a worm; it can also perform various malicious activities such as key logging, network sniffing, listening on the audio interface, stealing information, enabling Bluetooth and scanning other devices, etc. In short, it can do more or less everything a hacker would dream of. Also, based on the security industry’s experience with Stuxnet, everybody was expecting several zero-day attacks. There is actually no evidence of that type of attack in Flame. In particular, there are still some questions about the initial infection vector. However, Kaspersky has observed that a fully patched Windows 7 was still being infected, raising more suspicion about a zero-day attack. Further analysis highlights a different story…