But if I were an elite cyberspy...
...I'd probably plant a few errors to mislead.
Just saying.
Fresh analysis of the Shamoon malware has concluded that its authors are more likely to be "skilled amateurs" rather than elite cyber-spies. Shamoon has been linked to recent high-profile malware outbreaks at Saudi Aramco and RasGas, Gulf-based oil and gas firms. Saudi Aramco lost its network for 10 days as a result of the …
If you'd read the write-up correctly, you'd have noticed, it's not that they didn't create means to download additional malware, but that they actually messed up the routines to do such - this makes them worse than amateurs (aside from anything else, testing code written, is programming 101, especially if you're coding it to be used maliciously).
Indeed, if they're to be called anything, it should be amateur coders, rather than programmers.
The fact there was virtually no protection against researchers/analysts identifying it, also makes it highly unlikely to be the work of professionals.
...how easy it is to manipulate people in certain political environments. My guess is that the burning flag display mentioned in the article did its part in the spread of this particular baddie.
And I quite agree that the IT security (if any) in those two oil companies should be fired en bloc; this is the sort of thing they are supposed to prevent. Of course, if the IT security in those companies is non-existent, the people who decided that IT Sec is superfluous should be fired instead. And their salaries invested in IT Sec.
Wish there were a "double-fail" icon...