The hackers behind the Gauss cyber-espionage malware targeting banks in the Middle East are directing infected computers to connect to command-and-control servers used by the Flame spyware, researchers said today.
This is the latest sign that the people behind Gauss also played a part in the creation of Flame, which is linked to Stuxnet and its simpler cousin Duqu. Stuxnet, which appears to have been designed to sabotage Iran's nuclear program, was the first real cyberweapon targeting critical infrastructure systems. According to several reports, the U.S., with help from Israel and possibly others, is believed to have been behind Stuxnet and Flame, in an effort to thwart Iran's nuclear program and preempt a military strike.
"Gauss bot masters have directed their zombies to connect to the Flame/SkyWiper CnC to take commands," a post on the FireEye Malware Intelligence Lab says. "Previously Kaspersky found intriguing code similarities between Gauss and Flame, but this shift in its CnC confirms that the guys behind Gauss and Flame/SkyWiper are the same."