Stuxnet worm 'was designed to target nuclear plants'
Posted: Tue Nov 16, 2010 4:52 pm
Stuxnet worm 'was designed to target nuclear plants'
By Stewart Meagher.
"The Stuxnet worm was deliberately designed to sabotage nuclear facilities according to a more-serious-than usual security report."
Describing the malicious code as "one of the most complex threats we have analysed", Symantec says that Stuxnet was designed to mess with specific industrial control systems which are so uncommon that it seems likely that the attack was aimed at Iranian nuclear plants.
The report says the unusually sophisticated malware was aimed at Siemens Simatic WinCC SCADA systems which manage pipelines in nuclear plants.
According to Symantec, Stuxnet targets only specific hardware under specific conditions and that hardware can be found in the Bushehr and Natanz nuclear facilities in Iran, and not many other place on earth.
"To infect their target, Stuxnet would need to be introduced into the target environment," says the report. "This may have occurred by infecting a willing or unknowing third party, such as a contractor who perhaps had access to the facility, or an insider. The original infection may have been introduced by removable drive."
The insecurity outfit stops short of actually pointing the finger at the two uranium enrichment plants but the implication is obvious.
The virus is thought to have infected more than 100,000 computer systems worldwide, 40 per cent of them in Iran, but we doubt the Iranian nuclear industry would be keen to let slip if it was included on that list.
Some security researchers have suggested that the attack was so sophisticated that it could only have been created by a nation state with access to the best hackers on the planet.
They stopped short of coughing something which sounded a bit like "Mizz Rail" behind their hands and looking in the other direction.
Link to full report in pdf format by Symantec
http://www.wired.com/images_blogs/threa ... ossier.pdf
By Stewart Meagher.
"The Stuxnet worm was deliberately designed to sabotage nuclear facilities according to a more-serious-than usual security report."
Describing the malicious code as "one of the most complex threats we have analysed", Symantec says that Stuxnet was designed to mess with specific industrial control systems which are so uncommon that it seems likely that the attack was aimed at Iranian nuclear plants.
The report says the unusually sophisticated malware was aimed at Siemens Simatic WinCC SCADA systems which manage pipelines in nuclear plants.
According to Symantec, Stuxnet targets only specific hardware under specific conditions and that hardware can be found in the Bushehr and Natanz nuclear facilities in Iran, and not many other place on earth.
"To infect their target, Stuxnet would need to be introduced into the target environment," says the report. "This may have occurred by infecting a willing or unknowing third party, such as a contractor who perhaps had access to the facility, or an insider. The original infection may have been introduced by removable drive."
The insecurity outfit stops short of actually pointing the finger at the two uranium enrichment plants but the implication is obvious.
The virus is thought to have infected more than 100,000 computer systems worldwide, 40 per cent of them in Iran, but we doubt the Iranian nuclear industry would be keen to let slip if it was included on that list.
Some security researchers have suggested that the attack was so sophisticated that it could only have been created by a nation state with access to the best hackers on the planet.
They stopped short of coughing something which sounded a bit like "Mizz Rail" behind their hands and looking in the other direction.
Link to full report in pdf format by Symantec
http://www.wired.com/images_blogs/threa ... ossier.pdf