Kaspersky Labs announced the discovery of Flame, a worm it describes as what might be the most sophisticated cyber weapon yet unleashed. Like Stuxnet, the Flame worm seems to hit the Middle East, but it packs a lot more functionality. With a package size of 20MB, the new worm is roughly 40x larger than Stuxnet; it bundles many different libraries and is capable of infecting fully-patched Windows 7 systems. The date of creation is unknown. Kaspersky Labs is sure the worm was out in the wild as early as February to March 2010, but the likelihood that an earlier version existed before then is extremely high.
Is this a nation-state sponsored attack or is it being carried out by another group such as cyber criminals or hacktivists?
Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leave no doubt about it being a nation state that sponsored the research that went into it.
Who is responsible?
There is no information in the code or otherwise that can tie Flame to any specific nation state. So, just like with Stuxnet and Duqu, its authors remain unknown.