view counter

CyberwarfareReport details history, earlier versions of Stuxnet

Published 28 February 2013

In 2010, Symantec reported on a new and highly sophisticated worm called Stuxnet. This worm became known as the first computer software threat which was used as a cyber-weapon. In a new report, Symantec says that clues in the code pointed to other versions of the worm which could potentially perform different actions leaving an open question about Stuxnet and how it came to be.

In 2010, Symantec reported on a new and highly sophisticated worm called Stuxnet. This worm became known as the first computer software threat which was used as a cyber-weapon. The worm was specifically designed to take control over industrial plant machinery and making them operate outside of their safe or normal performance envelope, causing damage in the process. This was a first in the history of malware.

In a new report, Symantec says that clues in the code pointed to other versions of the worm which could potentially perform different actions leaving an open question about Stuxnet and how it came to be. The wait for the missing link is now over. Symantec has now discovered an older version of Stuxnet that can answer the questions about the evolution of Stuxnet. This newly discovered variant has been dissected and analyzed in detail. Here is a summary of Symantec’s key findings:

  • Stuxnet 0.5 is the oldest known Stuxnet version to be analyzed, in the wild as early as November 2007 and in development as early as November 2005.
  • Stuxnet 0.5 was less aggressive than Stuxnet versions 1.x and only spread through infected Step 7 projects.
  • Stuxnet 0.5 contains an alternative attack strategy, closing valves within the uranium enrichment facility at Natanz, Iran, which would have caused serious damage to the centrifuges and uranium enrichment system as a whole

Whether Stuxnet 0.5 was successful is unclear, but later versions of Stuxnet were developed using a different development framework, became more aggressive, and employed a different attack strategy that changed the speeds of the centrifuges instead suggesting Stuxnet 0.5 did not completely fulfill the attacker’s goals.

More versions of Stuxnet are known to exist, but have never been recovered.

— Read more in Geoff McDonad et al., Stuxnet 0.5: The Missing Link, Version 1.0: 26 February 2013

 

view counter
view counter