Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. At the same time we published our FAQ, CrySyS Lab posted their thorough analysis of sKyWIper. A few days earlier, Maher CERT published IOCs for Flamer. In short, Flame, sKyWIper and Flamer are different names for the same threat, which took the world by surprise as the first major discovery after Stuxnet and Duqu.
Since the discovery of Flame, we reported on many other advanced malware platforms, including Regin and Equation, yet Flame remains special in terms of being one of the most complex, surprising and innovative malware campaigns we have ever seen.
Looking back at the discovery of Flame, here are some lessons we learned.