
MiniFlame Sabotage Tool Spotted Supporting State-Funded Malware

A small “surgical attack tool” has been spotted in nation state-sponsored cyber attacks, complementing more powerful malware such as Flame.

Flame, spotted earlier this year targeting Middle Eastern nations, was highly sophisticated cyber espionage malware. But it has a little brother, according to Russian security firm Kaspersky.

Kaspersky initially thought the malware was simply a component of Flame, or even an early version of it. It later became clear MiniFlame was working alongside the Gauss malware, another cyber espionage tool, and could operate on its own or as a module.

Flame’s own Mini-Me

MiniFlame, which Kaspersky believes was created in 2007 at the latest, is based on the Flame platform but implemented independently. It is believed that Flame, Gauss and MiniFlame were all produced by the same nation state-sponsored team.

“[MiniFlame] is a small, fully functional espionage module designed for data theft and direct access to infected systems. If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high precision, surgical attack tool,” read a blog post from Kaspersky Lab’s Global Research & Analysis Team (GReAT).

“The discovery of miniFlame, which works with both these espionage projects, proves that we were right when we concluded that they had come out of the same ‘cyber-weapon factory’.”

MiniFlame was most likely used in attacks on a small number of “high profile” victims. It is used to provide backdoor access to the attackers.

The Russian firm has thus far discovered six different versions of MiniFlame, but it has not been found on many machines. Kaspersky estimates only between 50 and 60 infections, compared to between 5000 and 6000 for Flame and as many as 10,000 for Gauss.

Stuxnet, which also has connections to Flame and its comrades, found its way onto around 300,000 systems. It is believed the US and Israel created Stuxnet and Flame.

“Unlike Flame, where the vast majority of incidents were recorded in Iran and Sudan, and unlike Gauss, which was mostly present in Lebanon, SPE does not have a clear geographical bias,” GReAT added.

“However, we believe that the choice of countries depends on the SPE variant. For example, the modification known as «4.50» is mostly found in Lebanon and Palestine. The other variants were reported in other countries, such as Iran, Kuwait and Qatar.”

Looking at the IPs of the victims, Kaspersky also found there were a notable number of apparent infections in France. “The IPs in France are the most curious ones – some do appear to be proxies or VPNs, but others are not so obvious.

“For instance, one of the IPs of victims in France belongs to Francois Rabelais University of Tours.

“With Flame, Gauss and miniFlame, we have probably only scratched the surface of the massive cyber-spy operations ongoing in the Middle East. Their true, full purpose remains obscure and the identity of the victims and attackers remains unknown.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
