The United States and Israel developed the Flame malware to gather intelligence on Iranian networks ahead of the attack by Stuxnet, Western officials said.
Those sources said the malware was developed by the US National Security Agency, the Central Intelligence Agency and Israel’s military, although the agencies refused to comment.
Flame was surveillance malware and could record audio, keystrokes and even Bluetooth devices. Sources told the Washington Post it paved the way for Stuxnet and was “about preparing the battlefield for another type of covert action”.
The malware was responsible for damaging key parts of Iran’s oil sector in April, the country’s Computer Emergency Response Team told SC, forcing the country's main export terminal offline.
The revelations confirm existing suspicions that Flame and Stuxnet were developed by the same engineers, a notion first flagged by Kaspersky security analyst Alexander Gostev, who spotted a shared zero-day hole present in Flame and an early version of Stuxnet.
Last month, Israel's vice premier failed to deflect suspicion about the nation's involvement in the creation of Flame.
He told Army Radio that "whoever sees the Iranian threat as a significant threat is likely to take various steps, including these, to hobble it” adding that "Israel is blessed with high technology, and we boast tools that open all sorts of opportunities for us".