Iran CERT fingers Flame for oil refinery attacks

Powered by SC Magazine
 

Malware cut oil artery from the internet.

The malware that cut Iran’s major oil arteries from the internet was likely the sophisticated Flame worm, Iran’s Computer Emergency Response Team (CCCERT) says.

The CERT told SC Magazine that it thought the April “wiping incident”, in which key parts of Iran’s oil export sector had internet access cut, was due to the downloading and installation of a module of the Flame malware.

Iran’s Kharg Island terminal, which was responsible for exporting 90 per cent of the nation’s oil, was also disconnected, along with an unknown number of other facilities across the country.

Mehr News said at the time of the infection that the disconnection had not disrupted crude oil production and exports. 

CCCERT planned to release a detailed report later today on the incident.

The malware was publicly detailed almost simultaneously by Iran’s CERT (which dubbed it Flamer), Kaspersky (Flame), and CrySyS (sKyWIper).

Each research entity detailed the malware, and noted similarities to Stuxnet and Duqu. Kaspersky researcher Alex Gostev said it was the “most sophisticated cyber weapon yet unleashed”.

It was described as surveillance malware and had the ability to record audio, keystrokes and even Bluetooth devices.

The malware had targeted predominantly Middle Eastern countries and some European nations, but its creator was unknown.

In an interview with Army Radio reported by ABC News, Israel's vice premier did not deflect suspicion about the nation's involvement in the creation of Flame.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Israeli Vice Premier Moshe Yaalon said of Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

CrySyS has released a detailed technical writeup on Flame (pdf) and you can download Iran CERT’s Flame removal tool from SC.

Copyright © SC Magazine, Australia

