Flowershop was operating as early as 2002, several years before Stuxnet was developed, and it appears that some of Flowershop’s code made it into a Stuxnet component, suggesting the two development teams collaborated or at the very least shared code. Researchers have previously found connections between Stuxnet and Flame and between Stuxnet and two other malware families known as Duqu and the Equation Group, the latter a group of tools attributed to the NSA.

The researchers say the Flame and Stuxnet discoveries are possible thanks to new tools and investigative techniques that have only become available to researchers in the last few years. YARA lets researchers create rules or search parameters to scan entire networks for code and patterns of activity, or to search through vast repositories of malicious and suspicious code to spot code re-use across malware families.

Guerrero-Saade describes the group behind Flame as “one of the most daring threat actors ever discovered.” So when he and Cutler were looking to test their theory that new research tools and techniques could help shed light on old threats, it made sense to focus their retroactive investigation on Flame.