Stuxnet

Stuxnet (infobox)
Technical names:
  Worm:Win32/Stuxnet.[Letter]
  TrojanDropper:Win32/Stuxnet
  W32.Stuxnet
  W32.Stuxnet!lnk
  Troj/Stuxnet-[Letter]
  Trojan-Dropper.Win32.Stuxnet.[Letter]
  Worm.Win32.Stuxnet.[Letter]
  TR/Drop.Stuxnet.[Letter].[Number]
  Worm.Win32.Stuxnet
  Trojan-Dropper:W32/Stuxnet
  Rootkit:W32/Stuxnet
  RTKT_STUXNET.[Letter]
  LNK_STUXNET.[Letter]
  WORM_STUXNET.[Letter]
Type: Dropper
Classification: Computer worm
Authors: Equation Group
Technical details
Platform:
Source: [1]

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran.[2] Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games.[3][4][5] The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.[6]

Stuxnet specifically targets programmable logic controllers (PLCs), which automate electromechanical processes such as those used to control machinery and industrial processes, including the gas centrifuges used to separate nuclear material. Exploiting four zero-day flaws,[7] Stuxnet targets machines running the Microsoft Windows operating system and their networks, then seeks out Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[2] Stuxnet's design and architecture are not domain-specific, and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g., in factory assembly lines or power plants), most of which are in Europe, Japan, and the United States.[8] Stuxnet reportedly destroyed almost one-fifth of Iran's nuclear centrifuges.[9] Targeting industrial control systems, the worm infected over 200,000 computers and caused 1,000 machines to physically degrade.[10]

Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, to prevent detection of Stuxnet.[11] It is typically introduced to the target environment via an infected USB flash drive, thus crossing any air gap. The worm then propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. If either criterion is absent, Stuxnet becomes dormant inside the computer. If both conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operation system values back to the users.[12][13]
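The "loop of normal operation system values" described above is a replay of previously recorded readings to the operators. A defender-side check that flags a telemetry stream which repeats itself exactly, as an added example that is not part of the article (the sensor values are constructed and `find_replay_period` is a hypothetical monitor routine):

```python
import random
from typing import Optional, Sequence


def find_replay_period(samples: Sequence[float], min_period: int = 4,
                       tol: float = 1e-9, repeats: int = 3) -> Optional[int]:
    """Return the smallest period p such that the trailing `repeats` windows
    of length p are identical within `tol`, or None if no such period exists.

    A physical sensor stream carries measurement noise, so a long window that
    repeats bit-for-bit is a replay indicator rather than normal operation.
    """
    n = len(samples)
    for p in range(min_period, n // repeats + 1):
        tail = samples[n - repeats * p:]      # the last `repeats` candidate cycles
        first = tail[:p]                       # reference cycle to compare against
        if all(abs(tail[i] - first[i % p]) <= tol for i in range(len(tail))):
            return p
    return None


def live_stream(n: int, seed: int = 1) -> list:
    """Constructed noisy readings around a nominal value of 1000.0 (units arbitrary)."""
    rng = random.Random(seed)
    return [1000.0 + rng.gauss(0.0, 0.3) for _ in range(n)]


def replayed_stream(captured: Sequence[float], cycles: int) -> list:
    """Constructed replay: one captured window repeated back to the operator."""
    return list(captured) * cycles


if __name__ == "__main__":
    live = live_stream(60)
    print("live stream period:", find_replay_period(live))          # None
    loop = live[:20] + replayed_stream(live_stream(10, seed=2), 3)
    print("replayed stream period:", find_replay_period(loop))      # 10
```

Historian-style (process-history) databases make this check easy to run retroactively; comparing reported values against an independent sensor path is the stronger control where one exists.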

  1. ^ "W32.Stuxnet Dossier" (PDF). Symantec. November 2010. Archived from the original (PDF) on 4 November 2019.
  2. ^ a b Kushner, David (26 February 2013). "The Real Story of Stuxnet". IEEE Spectrum. 50 (3): 48–53. doi:10.1109/MSPEC.2013.6471059. S2CID 29782870. Archived from the original on 7 February 2022. Retrieved 13 November 2021.
  3. ^ "Confirmed: US and Israel created Stuxnet, lost control of it". Ars Technica. June 2012. Archived from the original on 6 May 2019. Retrieved 15 June 2017.
  4. ^ Ellen Nakashima (2 June 2012). "Stuxnet was work of U.S. and Israeli experts, officials say". The Washington Post. Archived from the original on 4 May 2019. Retrieved 8 September 2015.
  5. ^ Bergman, Ronen; Mazzetti, Mark (4 September 2019). "The Secret History of the Push to Strike Iran". The New York Times. ProQuest 2283858753. Archived from the original on 15 March 2023. Retrieved 23 March 2023.
  6. ^ Sanger, David E. (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. ISSN 0362-4331. Archived from the original on 1 June 2012. Retrieved 3 October 2022.
  7. ^ Naraine, Ryan (14 September 2010). "Stuxnet attackers used 4 Windows zero-day exploits". ZDNet. Archived from the original on 25 November 2014. Retrieved 12 April 2014.
  8. ^ Karnouskos, Stamatis (November 2011). "Stuxnet worm impact on industrial cyber-physical system security" (PDF). IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society. pp. 4490–4494. doi:10.1109/IECON.2011.6120048. ISBN 978-1-61284-972-0. S2CID 1980890. Archived (PDF) from the original on 24 April 2023. Retrieved 23 March 2023.
  9. ^ Kelley, Michael (20 November 2013). "The Stuxnet Attack on Iran's Nuclear Plant Was 'Far More Dangerous' Than Previously Thought". Business Insider. Archived from the original on 9 May 2014. Retrieved 8 February 2014.
  10. ^ "Sheep dip your removable storage devices to reduce the threat of cyber attacks". www.mac-solutions.net. Archived from the original on 4 September 2017. Retrieved 26 July 2017.
  11. ^ "STUXNET Malware Targets SCADA Systems". Trend Micro. January 2012. Archived from the original on 13 April 2014. Retrieved 12 April 2014.
  12. ^ Gross, Michael Joseph (April 2011). "A Declaration of Cyber-War". Vanity Fair. Archived from the original on 31 August 2021. Retrieved 31 December 2015.
  13. ^ "Exploring Stuxnet's PLC Infection Process". Symantec. 23 January 2014. Archived from the original on 21 June 2021. Retrieved 22 September 2010.