Iran CERT fingers Flame for oil refinery attacks

Powered by SC Magazine
 

Malware cut oil artery from the internet.

The malware that cut Iran’s major oil arteries from the internet was likely the sophisticated Flame worm, Iran’s Computer Emergency Response Team (CCCERT) says.

The CERT told SC Magazine that it thought the April “wiping incident”, in which key parts of Iran’s oil export sector had internet access cut, was due to the downloading and installation of a module of the Flame malware.

Iran’s Kharg Island terminal was responsible for exporting 90 per cent of the nation’s oil and was also disconnected along with an unknown number of other facilities across the country.

Mehr News said at the time of the infection that the disconnection had not disrupted crude oil production and exports. 

CCCERT planned to release a detailed report later today on the incident.

The malware was publicly detailed almost simultaneously by Iran’s CERT (which dubbed it Flamer), Kaspersky (Flame), and CrySyS (sKyWIper).

Each research entity detailed the malware, and noted similarities to Stuxnet and Duqu. Kaspersky researcher Alex Gostev said it was the “most sophisticated cyber weapon yet unleashed”.

It was described as surveillance malware and had the ability to record audio, keystrokes and even Bluetooth devices.

The malware had targeted predominantly Middle Eastern countries and some European nations, but its creator was unknown.

In an interview with Army Radio reported by ABC News, Israel's vice premier did not deflect suspicion about the nation's involvement in the creation of Flame.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Israeli Vice Premier Moshe Yaalon said of Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

CrySyS has released a detailed technical writeup on Flame (pdf) and you can download Iran CERT’s Flame removal tool from SC.

Copyright © SC Magazine, Australia

