Flame was discovered by Iran’s National Computer Emergency Response Team in 2012. It was used to mount sophisticated cyber espionage attacks on governmental ministries, educational institutions and individuals in Middle Eastern countries, infecting around 1,000 machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
The Flame malware was large and complex, designed to spread over local networks or via USB sticks. It could record audio, screenshots, keyboard activity and network traffic, including Skype® conversations. It was also capable of stealing contact information from any nearby Bluetooth®-enabled devices.
The malware was designed to be killed instantly by a remote instruction from the central command and control server. Attacks ceased when the malware was publicly disclosed. The Washington Post claimed that Flame was jointly developed by the U.S. National Security Agency, CIA and Israel’s military at least five years prior to discovery, although this was officially denied.