
Monday, October 15, 2012

Can we protect against nation-state espionage?


Researchers at Kaspersky Lab have uncovered new nation-state espionage malware that has links to two previously identified espionage tools known as Flame and Gauss, and it appears to be a “high-precision, surgical attack tool” targeting victims in Lebanon, Iran and elsewhere.

The new malware has been coined miniFlame, although the attackers who designed it called it by two other names – “SPE” and “John.” MiniFlame appears to be used to gain control of and obtain increased spying capability over select computers originally infected by the Flame and Gauss spyware.

According to Wired, “It is the fourth piece of nation-state malware discovered in the last year that appears to have been created by the same group behind Stuxnet, the groundbreaking cyberweapon that sabotaged Iran’s nuclear program and is believed to have been created by the U.S. and Israeli governments. The others – all designed for espionage rather than destruction – are DuQu, Flame, and Gauss.”

“With Flame, Gauss and miniFlame, we have probably only scratched [the] surface of the massive cyber-spy operations ongoing in the Middle East,” the Kaspersky researchers write in a report released Monday. “Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown.”

The report was released as the U.S. continues to make claims against China for its involvement in nation-state cyberespionage. Most notable are the alleged hacks against Google to obtain intelligence about political dissidents and against defense contractors to obtain military secrets.

The risk with miniFlame/SPE malware is that it can be used on its own as a small, standalone data collection tool, or it can be inserted into Flame or Gauss. Until recently, it was assumed that Flame and Gauss were independent nation-state projects that had no connection; but the discovery of miniFlame is the first solid clue that the two projects came out of the same “cyberweapon factory” and were part of the same larger operation.

While the targets appear to be concentrated in the Middle East, the question remains how far this has spread and what information these countries are trying to obtain. Many of us feel that our data is protected, or that even if it is not, there is little real harm in being compromised. The bigger risk is what happens when financial institutions are attacked: replacing a credit card is an inconvenience; not being able to use credit cards could impact a nation.

Frank Toscano is a 15+ year specialist in cloud based services focusing on Product Management, Marketing and Security within the Cloud. He has worked for EasyLink Services and Premiere Global Services in a global role providing hosted services to Fortune 1000 clients. He is currently seeking employment with a cloud based provider in a senior level Product/Marketing role.
