Stuxnet struck five targets in Iran, say researchers

Attacks started in June 2009, ended in May 2010, a month before anyone noticed, says Symantec

Researchers at Symantec today said that the notorious Stuxnet worm targeted five separate organizations, and that attacks against those objectives -- all with a presence in Iran -- started in June 2009, more than a year before independent experts raised the alarm.

In a post on Symantec's security blog , the company said that further analysis of Stuxnet samples showed that the worm was aimed at five different organizations. "All targeted organizations have a presence in Iran," said Ben Nahorney, a senior information developer with the U.S.-based security company.

Speculation on Stuxnet's targets has centered on a pair of Iranian locations crucial to its nuclear program: the underground uranium enrichment facility at Natanz in the central part of the country, and the nuclear reactor at Bushehr , in southern Iran.

Both Natanz and Bushehr have been under the scrutiny of the International Atomic Energy Agency (IAEA), the United Nations' nuclear watchdog.

According to Nahorney, the first Stuxnet attack was launched in June 2009, with another following that July. Additional attacks were conducted in March, April and May 2010.

Although experts had previously traced the worm's development roots as far back as June 2009, there was little proof that actual attacks had begun at that time.

The worm was first publicly reported in June 2010 by VirusBlokAda, a little-known security firm based in Belarus, but only garnered attention a month later when Microsoft and Siemens -- the German electronics firm sells widely-used SCADA hardware and software -- said the worm was actively targeting Windows PCs that managed large-scale industrial-control systems in manufacturing and utility firms.

SCADA, for "supervisory control and data acquisition," are systems that run everything from power plants and factory machinery to oil pipelines and military installations.

Researchers have called Stuxnet "groundbreaking" for its sophistication, use of multiple Windows zero-day vulnerabilities and reconnaissance and testing requirements.

"Three organizations were targeted once, one was targeted twice, and another was targeted three times," said Nahorney today. Symantec has not identified the organizations or disclosed information on which of the five -- the one struck three times -- was attacked most aggressively.

Based on Symantec's earlier analysis -- and that of other experts, including Ralph Langner of Langner Communications GmbH -- most researchers have concluded that Stuxnet was crafted by a nation-backed team, and designed to cripple Iran's nuclear program.

Iran has confirmed that the worm infected at least 30,000 PCs in the country, and has admitted that Stuxnet affected the operation of some of the centrifuges used to enrich uranium. The country has blamed Israel and the U.S. for the attacks.

Last month the New York Times, citing confidential sources, said that the worm was a joint American-Israeli project , and had been tested on Iranian-style centrifuges at the latter's Dimona covert nuclear facility.

Symantec mapped Stuxnet's targets and timeline by analyzing more than 3,200 samples of the worm that had caused approximately 12,000 infections in the five organizations that had been attacked.

The company will publish an updated version of its "W32.Stuxnet Dossier" report on its Web site later today.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@computerworld.com .

Read more about security in Computerworld's Security Topic Center.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitysymantec

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?