Tuesday, April 26, 2011

Is Iran just seeing Stars?


An Iranian official caused a stir Monday, claiming the nation's cybersecurity experts found another digital attack aimed at the Islamic country's systems.
Calling the attack "Stars," Gholam-Reza Jalali, the director of Iran's Passive Defense Organization, said that the attack was camouflaged as a government file and that initial damage was slight, according to a report from the Mehr News Agency. While Jalali made connections between the attack and the sabotage committed by Stuxnet, the code has not been analyzed by any security firm.
"If they have a sample of something and they are not sharing it with anyone, then it is impossible for us to tell what it is, how serious it is and really if it is even targeted toward them," says Kevin Haley, director of Symantec's security response group. "So we are stuck with just guessing until we can look at a sample and figure out what it is doing and even if we have seen it before."
In July 2010, antivirus firms discovered samples of the Stuxnet worm, a custom-built attack on Iran's nuclear program, but only after a third-party security company had identified the attack as something different. Finding the program referred to by Jalali is nearly impossible without technical details, says Haley.
Given the description of the attack, it seems more likely that the malicious program may be a typical cyber espionage operation or phishing attack, rather than a state-sponsored attempt at sabotage, says Michael Assante, president of the National Board of Information Security Examiners and former chief security officer of the North American Electric Reliability Council.
"Everything is coming from this state-sponsored announcement of that specific individual," Assante says. "It looks like it is more of one of those focused direct phishing attacks, rather than something unique like Stuxnet."
Other security firms agree there is too little information at this point to make a determination of the nature of the attack. Both McAfee and F-Secure took a wait-and-see attitude.
"We currently have no way of verifying the attack the Iranian government is reporting, nor do we have any way of identifying who might be behind the attack or what the target could be," McAfee spokesman Joris Evers wrote in a blog post on Monday.
Until Iran makes available any code that they found, it's hard to say whether it is a nation-state attack or a regular phishing scam, says Mikko Hypponen, chief research officer for antivirus firm F-Secure.
"We can't tie this case to any particular sample we might already have," he wrote in a blog post on Monday. "We don't know if this is another cyber attack launched by U.S. Government. We don't know if Iran officials have just found some ordinary Windows worm and announced it to be a cyber war attack."