Security researchers at ESET in Bratislava have published an analysis of another apparently state-sponsored cyber-espionage tool used to target computers in Iran—and potentially elsewhere. The malware, also recently mentioned by Kaspersky researchers, was named "Dino" by its developers and has been described as a "full featured espionage platform." And this advanced persistent threat malware, according to researchers, might as well come with a "fabriqué en France" stamp on it.
Based on analysis of Dino's code from a sample that infected systems in Iran in 2013, "We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware," ESET's Joan Calvet wrote in a blog post today. The Casper malware was part of a large-scale attack on Syrian computers last fall. "Dino contains interesting technical features, and also a few hints that the developers are French speaking," Calvet noted.
Other members of the "Animal Farm" malware family have been attributed to French intelligence agencies by researchers—including a 2011 analysis by Canada's Communications Security Establishment revealed by documents leaked by former National Security Agency contractor Edward Snowden. Dino shares attributes with the other members of the "Animal Farm" malware family and improves on many of the techniques of "Babar," the previous generation intelligence-gathering software implant.