There's no direct evidence that the malware comes from the government, but the malware's command and control IP address is registered to a governmental defense contractor. Plus, the data pulled from infected machines indicates it could be an example of the FBI's computer and internet protocol address verifier (CIPAV) software first identified by Wired in 2007. CIPAV has been used by the FBI to help identify and catch terrorists, hackers and criminals since 2002, but the exact nature of the software has never been revealed. Regardless, the vulnerability in the browser has been identified and fixed, so users need only update to the newest version of the Tor browser to keep their web traffic away from prying eyes... for now, at least.
Source: By Michael Gorman engadget.com