It’s been a week since a senior official in Iran announced that they had discovered a new targeted attack aimed at them. The details of this attack are still vague. While Iran has labeled the attack "Stars", it’s not clear if it is Stuxnet-like in its complexity, target, or ultimate goals. Iran says they have not yet discovered it purpose. And it appears they have not shared malware samples with any outside security researchers.
If more details emerge, specifically a sample of the threat that can be examined by security researchers, or a hash of the suspected file so we can identify it in our sample set, we’ll examine it. Until then we can only speculate. So here goes: my thoughts on what possibly could be going on.
1. Iran has discovered the "Brother-of-Stuxnet"
Given the resources that were put behind Stuxnet, it shouldn't be surprising that more than one attack was planned. In product development, it is not unusual to have two teams competing to solve a problem. And from what I know about espionage (which admittedly, is all learned from spy movies) it’s not unusual with those folks either. You can then pick the best effort with which to move forward. It also give you a plan B, in case your first effort doesn't work out like you hoped it would. It is very possible Iran has discovered plan B.
2. Imitation is the sincerest form of flattery
We have predicted that Stuxnet would drive other nation states to create similar malware. Another player may have jumped into the game, attempting to show off their cyber espionage skills and reach some objective known only to them.
3. Paranoia rules
It is quite possible that Iran has detected a massive attack that just happened to strike at them. This malware could be a fake AV program, who’s only purpose is to steal $49.95 in Iran currency. But given the paranoia of cyber attacks that must be running rampant in the government there, or perhaps to put it kindly, because of the extreme caution they likely now take, they have overreacted to a garden variety piece of malware.
4. The dog ate my homework
Maybe somebody is running behind on an important project, their boss is breathing down their necks and they need a good excuse for being late. I've used the same technique on my boss before. “I would have had that white paper done, but I forgot to save it and then my machine crashed”, “I emailed it to you, you didn't get it?” or “An Israeli hacker crippled my server and I can't possibly make that deadline you gave me.”
As I said, I am just speculating. It's likely to be one of these reasons, but then again maybe it’s something else. What I am sure of is that unless security researcher are given a sample of the threat, speculation is all we have.