Entries with tag iran.

Security Researcher: First Stuxnet Version Was More Dangerous

A newly released analysis of the Stuxnet worm, which has been called the first cyberweapon, contends that it had a forgotten sibling. Like the more famous Stuxnet version, the older, more complex malware was also built to disrupt the functioning of Iran's uranium enrichment facility, said control-system security expert Ralph Langner, head of the independent cyberdefense consultancy the Langner Group. It was designed to infect a controller and raise the operating pressure in the facility's gas centrifuges to damaging levels, eroding the centrifuges over time rather than breaking them outright. Langner said the malware "is about an order of magnitude more complex and stealthy [than the subsequent Stuxnet version]. It qualifies as a nightmare for those who understand industrial control system security. And strangely, this more sophisticated attack came first. The simpler, more familiar [version] followed years later." He contends there was a "change in stakeholders" as Stuxnet was being developed. All indications point to the US National Security Agency as Stuxnet's creator, Langner said. (Slashdot)(Help Net Security)(Foreign Policy)("To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators Tried to Achieve," Ralph Langner, The Langner Group, November 2013)

Google Stops Attacks on Users Tied to Iranian Elections

Google announced that it has been seeing and halting a sharp increase in phishing activity targeting its Iranian users as the nation prepares for its presidential election. Google stated it "detected and disrupted multiple e-mail-based phishing campaigns aimed at compromising the accounts owned by tens of thousands of Iranian users. The timing and targeting of the attacks suggest that they are politically motivated and relate to the Iranian presidential election on Friday." The attack lures users to fake Google webpages on which they are asked to enter their username and password; the pages are served from domains Google does not control. Google provided no further details. (PC Mag)(The Telegraph)(Bloomberg Businessweek)
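The lure described above, a sign-in form on some other domain dressed up to look like Google's, is cheap to build, and the usual giveaways are in the URL rather than on the page. The following is an added example of a URL check a practitioner might put in a mail gateway or a triage script; it is not Google's own detection logic. It assumes that google.com is the only registrable domain a genuine sign-in page would use and replaces the Public Suffix List with a three-entry stand-in; both are assumptions made for illustration, as are the test URLs.

```python
"""Lookalike check for a Google sign-in URL.

Added example, not Google's own detection logic. TRUSTED_DOMAINS and
MULTI_LABEL_SUFFIXES are assumptions made for illustration.
"""
from urllib.parse import urlsplit

BRAND = "google"
TRUSTED_DOMAINS = {"google.com"}                       # assumption: where real sign-in pages live
MULTI_LABEL_SUFFIXES = {"co.uk", "com.tr", "com.au"}   # tiny stand-in for the Public Suffix List
# Characters phishers swap for letters so a name still "reads" as the brand.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host):
    """Return the part of the hostname a registrar actually hands out."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url):
    """Return (verdict, reasons) with verdict 'trusted', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted", []

    reasons = []
    labels = host.split(".")
    # accounts.google.com.login-verify.example: the brand is a subdomain of someone else's name.
    if BRAND in host:
        reasons.append("brand name inside an untrusted hostname")
    # g00gle, goog1e and friends.
    elif BRAND in host.translate(HOMOGLYPHS):
        reasons.append("homoglyph spelling of the brand in hostname")
    # IDN labels: the browser may show Unicode, the DNS name is xn--...
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label in hostname")
    # https://accounts.google.com@203.0.113.5/ : everything before '@' is userinfo, not the host.
    if parts.username and BRAND in parts.username.lower():
        reasons.append("brand name in userinfo before '@'")
    # evil.example/accounts.google.com/signin : brand appears only in the path or query.
    if BRAND in (parts.path + "?" + parts.query).lower():
        reasons.append("brand name only in path or query")
    if reasons and parts.scheme != "https":
        reasons.append("login form served over plain http")

    return ("lookalike" if reasons else "unrelated"), reasons
```

The verdict is only as good as the suffix table: with the real Public Suffix List the same function also handles names under hosting providers and country-code second-level domains, which the three-entry stand-in does not.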

Flame Malware Authors Wanted to Steal Iranian Technical Drawings

Initial analysis of the Flame malware toolkit by Kaspersky Lab researchers shows that the attackers sought technical drawings from Iran. The researchers also reported that the command-and-control network went dark within an hour of the operation being made public last week, but not before the authors pushed an update to infected machines. Kaspersky Lab used a technique called sinkholing to obtain its information. "Sinkholing is a procedure when we discover a malicious server—whether it is an IP address or domain name—that we can take over with the help of the authorities or the [domain] registrar," Kaspersky senior researcher Vitaly Kamluk told the BBC. "We can redirect all the requests from the victims from infected machines to our lab server to register all these infections and log them." This is how they determined that the attackers targeted Iran and sought AutoCAD schematics, as well as some PDF and text files. The attackers reportedly used complex false identities to carry out their plans and registered at least 86 domain names for their command-and-control infrastructure since 2008. The Kaspersky analysis shows that the command-and-control server network moved regularly and was hosted in locations including Germany, Hong Kong, Turkey, and the UK. Kaspersky has not determined whether Flame is related to a virus that targeted the Iranian oil ministry in April, but the researchers believe it was created by the same nation-state responsible for the Stuxnet attacks. (Wired)(BBC)(Securelist)
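Kamluk's description of sinkholing, above, boils down to a web server that sits where the command-and-control server used to be and records who calls in. The following is an added example of such a logger, not Kaspersky Lab's tooling. It assumes the registrar has already repointed the seized domains at this host and that the implants beacon over plain HTTP; the domain names in SINKHOLED and the requests in SAMPLE_CAPTURES are constructed placeholders, not real Flame infrastructure or traffic.

```python
"""Sinkhole logger for a seized command-and-control domain.

Added example, not Kaspersky Lab's tooling. SINKHOLED and SAMPLE_CAPTURES
are constructed placeholders for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical domains the registrar let us take over (assumption).
SINKHOLED = {"c2-one.example", "c2-two.example"}


def parse_request(raw):
    """Split a raw HTTP request into (method, path, headers); header names are title-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().title()] = value.strip()
    return method, path, headers


class SinkholeRegistry:
    """Counts beacons per seized domain and remembers which sources sent them."""

    def __init__(self):
        self.hits = Counter()              # domain -> number of beacons
        self.victims = defaultdict(set)    # domain -> distinct source addresses
        self.unexpected = Counter()        # Host values we were not asked to sinkhole
        self.log = []                      # one record per accepted beacon

    def record(self, src_ip, method, path, headers, when=None):
        host = headers.get("Host", "").split(":")[0].lower().rstrip(".")
        if host not in SINKHOLED:
            # Scanners and stray traffic hit a sinkhole too; keep them out of the victim count.
            self.unexpected[host] += 1
            return None
        when = when or datetime.now(timezone.utc)
        self.hits[host] += 1
        self.victims[host].add(src_ip)
        entry = {"ts": when.isoformat(), "src": src_ip, "host": host,
                 "method": method, "path": path, "ua": headers.get("User-Agent", "")}
        self.log.append(entry)
        return entry

    def summary(self):
        return {d: {"beacons": self.hits[d], "unique_victims": len(self.victims[d])}
                for d in sorted(SINKHOLED)}


# Constructed beacons: two from one machine, one from another, and one scanner.
SAMPLE_CAPTURES = [
    ("198.51.100.7", b"POST /cgi-bin/counter.cgi HTTP/1.1\r\nHost: c2-one.example\r\n"
                     b"User-Agent: Mozilla/4.0\r\nContent-Length: 0\r\n\r\n"),
    ("198.51.100.7", b"POST /cgi-bin/counter.cgi HTTP/1.1\r\nHost: c2-one.example\r\n"
                     b"User-Agent: Mozilla/4.0\r\nContent-Length: 0\r\n\r\n"),
    ("203.0.113.42", b"GET /view.php?id=1 HTTP/1.1\r\nHost: C2-TWO.example\r\n"
                     b"User-Agent: Mozilla/4.0\r\n\r\n"),
    ("192.0.2.9", b"GET / HTTP/1.1\r\nHost: scanner.example\r\nUser-Agent: masscan\r\n\r\n"),
]


def replay(captures=SAMPLE_CAPTURES):
    """Feed captured requests through the registry exactly as the live server would."""
    reg = SinkholeRegistry()
    for src_ip, raw in captures:
        reg.record(src_ip, *parse_request(raw))
    return reg


class SinkholeHandler(BaseHTTPRequestHandler):
    """Live counterpart of replay(): log the beacon, answer nothing actionable."""
    registry = SinkholeRegistry()

    def _handle(self):
        headers = {name.title(): value for name, value in self.headers.items()}
        self.registry.record(self.client_address[0], self.command, self.path, headers)
        # A sinkhole must never answer with anything the implant could take as a command.
        self.send_response(404)
        self.end_headers()

    do_GET = do_POST = _handle

    def log_message(self, *args):  # the registry is the log; silence the stdlib access log
        pass


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), SinkholeHandler).serve_forever()
```

The per-domain victim sets are what let an analyst geolocate infections and say which country the campaign targeted; the empty 404 response is what keeps the sinkhole from becoming a command server in its own right. As Kamluk notes, none of this is legal to run until the authorities or the registrar have handed over the name.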
