Stuxnet
| Stuxnet | |
|---|---|
| Technical name | As Stuxnet |
| Type | Dropper |
| Classification | Computer worm |
| Authors | Equation Group |
| Technical details | |
| Platform | |
Stuxnet is a malicious computer worm first uncovered on June 17, 2010,[2] and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the Iran nuclear program after it was first installed on a computer at the Natanz Nuclear Facility in 2009.[3][4] Although neither the United States nor Israel has openly admitted responsibility, multiple independent news organizations claim Stuxnet to be a cyberweapon built jointly by the two countries in a collaborative effort known as Operation Olympic Games.[5][6][7] The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.[8]
Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including gas centrifuges for separating nuclear material. Exploiting four zero-day flaws in the systems,[9] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[3] Stuxnet's design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g., in factory assembly lines or power plants), most of which are in Europe, Japan and the United States.[10] Stuxnet reportedly destroyed almost one-fifth of Iran's nuclear centrifuges.[11] Targeting industrial control systems, the worm infected over 200,000 computers and caused 1,000 machines to physically degrade.[12]
Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack, a link file that automatically executes the propagated copies of the worm, and a rootkit component responsible for hiding all malicious files and processes to prevent detection of Stuxnet.[13] It is typically introduced to the target environment via an infected USB flash drive, thus crossing any air gap. The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. If either condition is not met, Stuxnet remains dormant on the computer. If both conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operation system values back to the users.[14][15]
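The "loop of normal operation system values" described above is a replay of previously recorded readings shown to operators while the PLC runs modified code. As an added example (not from the article or from any published Stuxnet analysis), the Python below flags such a window from the monitoring side by checking two symptoms a defender can measure: the reported series repeats bit-for-bit with a fixed period, and it diverges from a second reading taken through an independent path. The rotor-speed samples, the channel names and the 5 Hz tolerance are all constructed for illustration.

```python
from typing import Optional, Sequence

# Constructed sample data: 16 rotor-speed readings (Hz) as the HMI sees them
# (a 4-sample recording replayed four times) and 16 readings from an
# independent sensor that is not reachable from the Step7 host.
REPORTED = [1064.0, 1064.2, 1063.9, 1064.1] * 4
INDEPENDENT = [1064.0, 1064.2, 1063.9, 1064.1, 1064.1, 1064.0, 1063.8, 1064.2,
               1120.5, 1180.3, 1241.0, 1302.7, 1364.4, 1405.9, 1409.8, 1410.0]


def find_replay_period(samples: Sequence[float], min_repeats: int = 3) -> Optional[int]:
    """Smallest p with samples[i] == samples[i+p] for every i, requiring at least
    min_repeats full cycles in the window. Live sensor data carries noise and
    almost never repeats exactly, so an exact period points to a replayed
    recording (p == 1 is a stuck constant). Returns None if no exact period."""
    n = len(samples)
    for p in range(1, n // min_repeats + 1):
        if all(samples[i] == samples[i + p] for i in range(n - p)):
            return p
    return None


def max_divergence(reported: Sequence[float], independent: Sequence[float]) -> float:
    """Largest absolute gap between the two channels over the window."""
    return max(abs(r - i) for r, i in zip(reported, independent))


def assess(reported: Sequence[float], independent: Sequence[float],
           tolerance_hz: float = 5.0) -> list[str]:
    """Return alert strings for the window; an empty list means it looks consistent."""
    alerts = []
    period = find_replay_period(reported)
    if period is not None:
        alerts.append(f"reported channel repeats exactly every {period} samples (replay?)")
    gap = max_divergence(reported, independent)
    if gap > tolerance_hz:
        alerts.append(f"reported and independent channels differ by up to {gap:.1f} Hz")
    return alerts


if __name__ == "__main__":
    for line in assess(REPORTED, INDEPENDENT):
        print("ALERT:", line)
```

On the constructed data both checks fire: the HMI channel repeats every 4 samples while the independent sensor shows the speed climbing to 1410 Hz.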
- ^ "W32.Stuxnet Dossier" (PDF). Symantec. November 2010. Archived from the original (PDF) on 4 November 2019.
- ^ "Stuxnet : A worm which targets SCADA systems". CERT-IST Computer Emergency Response Team. 8 September 2010. Retrieved 7 June 2025.
Stuxnet was discovered on June 17, 2010 by the Belarusian company VirusBlokAda (a company that develops antivirus products). At that time most of the attention of the analysts was caught by the fact that this worm uses a previously unknown vulnerability in Windows (a "0-day" flaw): the ".LNK" vulnerability, which led Microsoft to release early in August the out-of-band patch MS10-046. It is only after further analysis that analysts found that Stuxnet was in fact designed to target SCADA systems.
- ^ Kushner, David (26 February 2013). "The Real Story of Stuxnet". IEEE Spectrum. 50 (3): 48–53. Bibcode:2013IEEES..50c..48K. doi:10.1109/MSPEC.2013.6471059. S2CID 29782870.
- ^ Sen, Ashish (10 April 2015). "Iran's Growing Cyber Capabilities in a Post-Stuxnet Era". Atlantic Council. Retrieved 3 September 2025.
- ^ "Confirmed: US and Israel created Stuxnet, lost control of it". Ars Technica. June 2012. Archived from the original on 6 May 2019. Retrieved 15 June 2017.
- ^ Ellen Nakashima (2 June 2012). "Stuxnet was work of U.S. and Israeli experts, officials say". The Washington Post. Archived from the original on 4 May 2019. Retrieved 8 September 2015.
- ^ Bergman, Ronen; Mazzetti, Mark (4 September 2019). "The Secret History of the Push to Strike Iran". The New York Times. ProQuest 2283858753. Archived from the original on 15 March 2023. Retrieved 23 March 2023.
- ^ Sanger, David E. (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. ISSN 0362-4331. Archived from the original on 1 June 2012. Retrieved 3 October 2022.
- ^ Naraine, Ryan (14 September 2010). "Stuxnet attackers used 4 Windows zero-day exploits". ZDNet. Archived from the original on 25 November 2014. Retrieved 12 April 2014.
- ^ Karnouskos, Stamatis (November 2011). "Stuxnet worm impact on industrial cyber-physical system security" (PDF). IECON 2011 – 37th Annual Conference of the IEEE Industrial Electronics Society. pp. 4490–4494. doi:10.1109/IECON.2011.6120048. ISBN 978-1-61284-972-0. S2CID 1980890. Archived (PDF) from the original on 24 April 2023. Retrieved 23 March 2023.
- ^ Kelley, Michael (20 November 2013). "The Stuxnet Attack on Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought". Business Insider. Archived from the original on 9 May 2014. Retrieved 8 February 2014.
- ^ "Sheep dip your removable storage devices to reduce the threat of cyber attacks". www.mac-solutions.net. Archived from the original on 4 September 2017. Retrieved 26 July 2017.
- ^ "STUXNET Malware Targets SCADA Systems". Trend Micro. January 2012. Archived from the original on 13 April 2014. Retrieved 12 April 2014.
- ^ Gross, Michael Joseph (April 2011). "A Declaration of Cyber-War". Vanity Fair. Archived from the original on 31 August 2021. Retrieved 31 December 2015.
- ^ "Exploring Stuxnet's PLC Infection Process". Symantec. 23 January 2014. Archived from the original on 21 June 2021. Retrieved 22 September 2010.