Iran CERT fingers Flame for oil refinery attacks

Powered by SC Magazine
 

Malware cut oil artery from the internet.

The malware that cut Iran’s major oil arteries from the internet was likely the sophisticated Flame worm, Iran’s Computer Emergency Response Team (CCCERT) says.

The CERT told SC Magazine that it thought the April “wiping incident”, in which key parts of Iran’s oil export sector had internet access cut, was due to the downloading and installation of a module of the Flame malware.

Iran’s Kharg Island terminal, which was responsible for exporting 90 per cent of the nation’s oil, was also disconnected, along with an unknown number of other facilities across the country.

Mehr News said at the time of the infection that the disconnection had not disrupted crude oil production and exports. 

CCCERT planned to release a detailed report later today on the incident.

The malware was publicly detailed almost simultaneously by Iran’s CERT (which dubbed it Flamer), Kaspersky (Flame), and CrySyS (sKyWIper).

Each research entity detailed the malware, and noted similarities to Stuxnet and Duqu. Kaspersky researcher Alex Gostev said it was the “most sophisticated cyber weapon yet unleashed”.

It was described as surveillance malware and had the ability to record audio, keystrokes and even Bluetooth devices.

The malware had targeted predominantly Middle Eastern countries and some European nations, but its creator was unknown.

In an interview with Army Radio reported by ABC News, Israel's vice premier did not deflect suspicion about the nation's involvement in the creation of Flame.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Israeli Vice Premier Moshe Yaalon said of Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

CrySyS has released a detailed technical writeup on Flame (pdf) and you can download Iran CERT’s Flame removal tool from SC.

Copyright © SC Magazine, Australia

