Continued from page 1

“My guess would be that it was another Shamoon attack,” said Jeffrey Carr, the head of Taia Global, a computer security firm in McLean, Virginia.

Carr believes hackers working on behalf of the Iranian government were behind both attacks. He notes similarities between Shamoon and a virus that previously struck Iran, suggesting that Iran-linked hackers may have created Shamoon by adapting computer code from the earlier virus.

A number of Iranian groups have the skills to carry out an attack of this scope and may be using false claims of responsibility to obscure Tehran’s involvement, he said.

Iranian officials have not commented publicly on the latest viruses to hit the region. But Iran appears to be building up corps of pro-regime hackers, including a secretive “Cyber Army” thought to be linked to the country’s powerful Revolutionary Guard. Lebanon’s Iran-backed militant Hezbollah group is also believed to count skilled hackers among its ranks.

Tehran has been on the receiving end of a series of computer attacks in recent years.

Iranian technicians cut off Internet links to Iran’s Oil Ministry, rigs and the hub for nearly all the country’s crude exports earlier this year as they tried to battle malicious software known as Flame, which was able to steal information and spy on users.

In 2010, a virus called Stuxnet tailored to disrupt Iran’s nuclear centrifuges caused some setbacks within its uranium enrichment labs and infected an estimated 16,000 computers, Iranian officials say.

Alexander Klimburg, a computer security expert at the Austrian Institute for International Affairs, said the latest attacks against Saudi Arabia and Qatar are more complex than those typically employed by “hacktivist” groups seeking to highlight particular political or social causes.

He agrees that Iran might be involved, though he acknowledges it is difficult to know for sure.

“There has been an Iranian strategy … to interrupt the flow of oil out of the Strait of Hormuz,” he said. “Nobody’s ever said they’d do it just with fast boats,” a reference to the armed Revolutionary Guard craft that ply the Persian Gulf.

But other experts have their doubts.

Vitaly Kamluk, chief malware expert at Russian security company Kaspersky Lab, said that while the attacks appear to be acts of sabotage, there was no firm evidence that they were linked, nor was it known who exactly might be behind them.

“Attribution,” he said, “is extremely hard in cyberspace.”