Iran CERT fingers Flame for oil refinery attacks


Malware cut oil artery from the internet.

The malware that cut Iran’s major oil arteries from the internet was likely the sophisticated Flame worm, Iran’s Computer Emergency Response Team (CCCERT) says.

The CERT told SC Magazine that it thought the April “wiping incident”, in which key parts of Iran’s oil export sector had internet access cut, was due to the downloading and installation of a module of the Flame malware.

Iran’s Kharg Island terminal, which was responsible for exporting 90 per cent of the nation’s oil, was also disconnected, along with an unknown number of other facilities across the country.

Mehr News said at the time of the infection that the disconnection had not disrupted crude oil production and exports. 

CCCERT planned to release a detailed report later today on the incident.

The malware was publicly detailed almost simultaneously by Iran’s CERT (which dubbed it Flamer), Kaspersky (Flame), and CrySyS (sKyWIper).

Each research entity detailed the malware, and noted similarities to Stuxnet and Duqu. Kaspersky researcher Alex Gostev said it was the “most sophisticated cyber weapon yet unleashed”.

It was described as surveillance malware and had the ability to record audio, keystrokes and even Bluetooth devices.

The malware had targeted predominantly Middle Eastern countries and some European nations, but its creator was unknown.

In an interview with Army Radio reported by ABC News, Israel's vice premier did not deflect suspicion about the nation's involvement in the creation of Flame.

"Whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it," Israeli Vice Premier Moshe Yaalon said of Flame. "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us."

CrySyS has released a detailed technical writeup on Flame (pdf) and you can download Iran CERT’s Flame removal tool from SC.

Copyright © SC Magazine, Australia
