Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Symantec: Stuxnet struck five targets in Iran

Attacks started in June 2009, ended in May 2010, a month before anyone noticed, says Symantec

Article comments

Researchers at Symantec today said that the notorious Stuxnet worm targeted five separate organisations, and that attacks against those objectives, all with a presence in Iran, started in June 2009, more than a year before independent experts raised the alarm.

In a post on Symantec's security blog , the company said that further analysis of Stuxnet samples showed that the worm was aimed at five different organisations. "All targeted organisations have a presence in Iran," said Ben Nahorney, a senior information developer with the US-based security company.

Speculation on Stuxnet's targets has centered on a pair of Iranian locations crucial to its nuclear program: the underground uranium enrichment facility at Natanz in the central part of the country, and the nuclear reactor at Bushehr , in southern Iran.

Both Natanz and Bushehr have been under the scrutiny of the International Atomic Energy Agency (IAEA), the United Nations' nuclear watchdog.

According to Nahorney, the first Stuxnet attack was launched in June 2009, with another following that July. Additional attacks were conducted in March, April and May 2010.

Although experts had previously traced the worm's development roots as far back as June 2009, there was little proof that actual attacks had begun at that time.

The worm was first publicly reported in June 2010 by VirusBlokAda, a little-known security firm based in Belarus, but only garnered attention a month later when Microsoft and Siemens, the German electronics firm sells widely-used SCADA hardware and software, said the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.

SCADA, for "supervisory control and data acquisition," are systems that run everything from power plants and factory machinery to oil pipelines and military installations.

Researchers have called Stuxnet "groundbreaking" for its sophistication, use of multiple Windows zero-day vulnerabilities and reconnaissance and testing requirements.

"Three organisations were targeted once, one was targeted twice, and another was targeted three times," said Nahorney today. Symantec has not identified the organisations or disclosed information on which of the five, the one struck three times was attacked most aggressively.

Based on Symantec's earlier analysis and that of other experts, including Ralph Langner of Langner Communications GmbH, most researchers have concluded that Stuxnet was crafted by a nation-backed team, and designed to cripple Iran's nuclear program.

Iran has confirmed that the worm infected at least 30,000 PCs in the country, and has admitted that Stuxnet affected the operation of some of the centrifuges used to enrich uranium. The country has blamed Israel and the US for the attacks.

Last month the New York Times, citing confidential sources, said that the worm was a joint American-Israeli project, and had been tested on Iranian-style centrifuges at the latter's Dimona covert nuclear facility.

Symantec mapped Stuxnet's targets and timeline by analysing more than 3,200 samples of the worm that had caused approximately 12,000 infections in the five organisations that had been attacked.

The company will publish an updated version of its "W32.Stuxnet Dossier" report on its Web site later today.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *