Based on analysis of Dino’s code from a sample that infected systems in Iran in 2013, “We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware,” ESET’s Joan Calvet wrote in a blog post today. The Casper malware was part of a large-scale attack on Syrian computers last fall. “Dino contains interesting technical features, and also a few hints that the developers are French speaking,” Calvet noted.
Other members of the “Animal Farm” malware family have been attributed to French intelligence agencies by researchers—including a 2011 analysis by Canada’s Communications Security Establishment revealed by documents leaked by former National Security Agency contractor Edward Snowden. Dino shares attributes with the other members of the “Animal Farm” malware family and improves on many of the techniques of “Babar,” the previous generation intelligence-gathering software implant.
I did not think the French were up to the task but it sure seems like they want to be playing in the same sandbox as their counterparts.