It still may have been that Iran was behind the attack — but the new research suggests that, if it was, Iran had a lot of Russian help, and that when the malware needed to be fine-tuned, the Russian institute provided the expertise.

The attack marked one of the scariest moments so far in cyberattacks on critical infrastructure. It was the first known attempt to manipulate an emergency-shutdown system, which is designed to avoid disaster and protect human lives.

But something went wrong with the attack, and it actually prompted a full shutdown of the plant, which appeared to be accidental as the malware was loaded into the plant’s computers. No industrial accident occurred.

Nonetheless, the episode has captivated the attention of experts, who concluded that had things gone according to plan, the next stage of the attack was most likely intended to trigger an industrial accident. If that had happened, the shutdown system would have been disabled.

“We don’t know why this facility was targeted,” said John Hultquist, who oversaw the study at FireEye. “They may have just been testing things out, just experimenting.”