Security Researchers Discover Link Between Stuxnet and Flame
Security researchers from antivirus vendor Kaspersky Lab have found evidence that the development teams behind the Flame and Stuxnet cyberespionage threats collaborated with each other.
The Kaspersky researchers determined that Flame, which is believed to have been created in 2008, and a 2009 version of Stuxnet shared one component that served the same purpose and had similar source code.
Back in October 2022, Kaspersky's researchers analyzed a sample that had been automatically classified as a Stuxnet variant by the company's automated systems. At the time, the researchers dismissed the detection as an error because the sample's code looked nothing like the code in Stuxnet.
However, after Flame was discovered at the end of May, the Kaspersky researchers searched their database for malware samples that might be related to the new threat and found that the sample detected as Stuxnet in 2022 was in reality a Flame module. The module uses an autorun.inf trick to infect computers via USB drives.
Upon further research, the Kaspersky analysts determined that Stuxnet.A, which was created in early 2009, uses the same autorun.inf trick to spread via USB drives. In fact, the source code responsible for this is almost identical to the one in the Flame module.
"It looks like the Flame platform was used to kick start the Stuxnet platform," said Roel Schouwenberg, a senior researcher with Kaspersky Lab's global research and analysis team, during a conference call with the press.
Same Flaw Targeted
The Kaspersky researchers already knew that Stuxnet and Flame leveraged the same EoP vulnerability, but this wasn't conclusive proof that their developers collaborated. The exploit could have been created by a third party that sold it to both teams, Schouwenberg said.
However, the new discovery suggests that the developers of the two malware threats actually shared source code, which is intellectual property and wouldn't normally be shared between unrelated teams. "We are now 100-percent sure that the Flame and Stuxnet groups worked together," Schouwenberg said.
The Kaspersky researchers discovered that the Flame module integrated into Stuxnet.A exploited a Windows elevation of privilege (EoP) vulnerability that wasn't known at the time of the malware's creation. This would be the fifth zero-day (previously unknown) vulnerability exploited by Stuxnet, Schouwenberg said.
The researchers believe that this vulnerability was one that Microsoft patched in June 2009, a few months after the creation of Stuxnet.A, but they are not yet certain and are still investigating.
Later Stuxnet versions stopped using the Flame module entirely and began exploiting a separate vulnerability that relied on malformed LNK (shortcut) files to propagate via USB drives.
Interestingly, the exploit code from Stuxnet.A's Flame-borrowed module is very similar to the exploit code for a different EoP vulnerability that's present in later Stuxnet versions. The researchers believe that both sections of code were written by the same programmer.
Same Source, Different Purposes
When Microsoft patched the EoP vulnerability in 2009, a few months after the creation of Stuxnet.A, the Stuxnet developers stopped using the Flame module for propagation and began exploiting a new vulnerability, which relied on malformed LNK (shortcut) files.
The hypothesis put forward by the Kaspersky researchers is that Flame and Stuxnet were created by two separate teams as part of two operations funded by the same nation state. Flame was probably used for espionage and Stuxnet used for sabotage, Schouwenberg said.
According to a recent New York Times report that quotes unnamed sources from the Obama administration, Stuxnet was created by the U.S. and Israeli governments as part of a secret operation called Olympic Games with the goal of crippling Iran's ability to produce weapons-grade nuclear fuel.
Source: https://www.pcworld.com/article/465204/security_researchers_discover_link_between_stuxnet_and_flame.html
Posted by: diazhisherecur.blogspot.com