When digital sleuths found Flame – a massive cyberespionage campaign targeting Iran – they were astounded. Now, it seems, Flame was just the tip of the iceberg.
Not unlike the fictional Mr. Phelps of "Mission Impossible," real-life spies today direct their computer cyberespionage programs to self-destruct – delete themselves – after use. Bare scraps of digital code can be pretty thin evidence for investigators.
Even so, digital forensic sleuths at two antivirus companies – Kaspersky Lab and Symantec – on Monday announced new discoveries from piecing together the cyber shards of a program called Flame, which further reveal an extensive cyberespionage operation apparently directed at Iran.
Already, media reports have claimed that the US and Israel launched Stuxnet – the world's first cyberweapon – to slow Iran's nuclear program, and that three other cyberespionage programs, including Flame, were part of the same effort. Now, the new analysis reveals traces of at least three more malicious programs targeting Iran, suggesting there are still a significant number of programs yet to be discovered spying on Iranian computers.
There are fresh signs, too, that the harvest has been vast.
"Flame's creators are good at covering their tracks," Alexander Gostev, chief security expert at Kaspersky Lab, said in a statement. "But one mistake of the attackers helped us to discover more data...."