'Mini-Flame' virus hikes Mideast cyberwar

Oct. 16, 2012 at 12:39 PM
share with facebook
share with twitter
Sign up for our Security newsletter

BEIRUT, Lebanon, Oct. 16 (UPI) -- Amid U.S. warnings about a potentially cataclysmic cyberattack, with Iran the most likely culprit, cybersecurity experts say they've uncovered a new powerful espionage virus in the Middle East that's reserved for high-value targets.

The virus, used in recent attacks in Iran and Lebanon has been dubbed "Mini-Flame" by researchers at Moscow's Kaspersky Lab, a leading cybersecurity company, after the W32.Flame malware discovered earlier this year.

Flame and another new virus known as Gauss were used in a series of cyber attacks against targets in Iran recently, which Kaspersky claims come from the same "cyber-weapon factory" as these two variants, as well as the Stuxnet program used against Iran's nuclear program in 2009-10.

Lebanese banks that U.S. officials say are suspected of laundering money for Iran and Hezbollah, its powerful Lebanese proxy, have also been hit in recent weeks.

This suggests that these viruses are the work of the U.S. and Israeli intelligence services, which at one time or another over the last three years have hit Iran's nuclear program, and more recently its oil industry, and that further cyberattacks are likely amid an armed confrontation in the Persian Gulf.

Stuxnet is widely believed to have been developed by Israeli and U.S. intelligence agencies, including Israel's super-secret Unit 8200, as part of their clandestine campaign to sabotage Tehran's uranium-enrichment program, allegedly aimed at developing nuclear weapons. Iran says its program is for peaceful purposes.

The New York Times reported in June that Stuxnet was part of a joint U.S.-Israeli cyber war operation codenamed Olympic Games directed against the Islamic Republic.

The concern now is that the Iranians are driving to develop their own cyber weapons -- and recent evidence suggests they're well advanced -- to strike back against the United States and Israel in what Rear Adm. Samuel Cox, director of intelligence at the U.S. Cyber Command, calls "a global cyber arms race."

It's these fears, plus well-publicized attacks on Citigroup, Lockheed Martin and other U.S. companies, that led U.S. Defense Secretary Leon Panetta to warn Thursday that Iran could be preparing to launch a retaliatory major cyber attack on the United States.

Panetta did not specifically mention Iran as a threat in this regard. But he said the recent attacks on U.S. companies were probably "the most destructive attack that the private sector has seen to date."

Tehran denied Sunday it was behind those cyberattacks.

Israel too has been the target of increasing cyber strikes. Prime Minister Binyamin Netanyahu told a cabinet meeting Sunday there has been "an escalation in attempts to carry out a cyber attack on Israel's computer infrastructures. There are daily attempts to break into Israeli systems."

Kaspersky's chief security specialist, Alexander Gostev, says the information-stealing Mini-Flame works in tandem with Flame and Gauss.

"If Flame and Gauss were massive cyber-espionage operations, infecting thousands of users, then Mini-Flame is a high-precision, surgical attack took," the Russian researchers concluded.

Mini-Flame, Kaspersky researchers say, is apparently reserved for attacks against high-value targets "having the greatest significance ... to the attackers."

Gotsev believes that Mini-Flame is designed to be used as a second-wave" of attack on targets already hit by W32.Flame or Gauss.

"Mini-Flame is a high-precision attack tool," he said. "After data is collected via Flame and reviewed, a potentially interesting victim is defined and identified, and Mini-Flame is installed in order to conduct mire in-depth surveillance and cyber espionage."

The Financial Times, which has called for urgent efforts by industrial, financial and commercial concerns to build defenses against cyber-attacks, said the discovery of Mini-Flame has raised fears "that researchers have only begun to scratch the surface of cyber warfare being waged" in the Middle East.

"The covert cyber war being waged in the Middle East and North Africa -- particularly against Iran and its allies -- is even more sophisticated and widespread then had previously been understood, according to new research," one informed Western source observed.

The recent intensification of cyber operations in the Middle East has heightened concerns that these could trigger military conflict in the region, particularly in the gulf.

"Next year will see the escalation of cyber weapons," Eugene Kaspersky, co-founder of Kaspersky Lab, told a recent conference in Dubai.

Related UPI Stories
Trending Stories