4 Stuxnet-Related APTs Form Gossip Girl, an ‘Apex Threat Actor’


The infamous Stuxnet family of industrial sabotage malware is likely the work of a mysterious “supra-group” that Chronicle researchers Juan Andres Guerrero Saad and Silas Cutler have dubbed Gossip Girl; and it’s a group that turns out to be larger and far busier than previously known.

In a session at the Security Analyst Summit 2019 in Singapore this week, Saad and Cutler said that in addition to the APT groups already linked to Stuxnet, including developers behind Duqu, Flame and the NSA-linked Equation Group, a fourth, previously unknown collaborator called Flowershop is also related.

They came to their conclusions by uncovering an early Stuxnet component that they dubbed “Stuxshop.”

In the session, they also unveiled other Gossip Girl research, including the discovery of Duqu 1.5, which represents a previously unknown middle stage of that malware’s code. And, the duo said they discovered a new iteration of the Flame malware, called Flame 2.0 – which demonstrates that this code was resurrected after it seemed to disappear, and that it was actually active between 2014 and 2016.

Read more…
Source: ThreatPost