Stuxnet: A powerful malware that has affected several firms in the utility sector


The malware is believed to have been created by US and Israeli intelligence agencies.
Stuxnet is designed to alter Programmable Logic Controllers (PLCs) used in industrial control systems (ICS).

The Stuxnet malware has made a powerful comeback after a hiatus of eight years, with a new variant impacting Iranian networks. The malware first made headlines for its devastating attack on the Iranian uranium enrichment centrifuges.


The sophisticated worm was first identified by the infosec community in 2010, although it had been in development since at least 2005. The malware is believed to have been created by US and Israeli intelligence agencies.


Primary targets


Stuxnet is designed to alter Programmable Logic Controllers (PLCs) used in industrial control systems (ICS). PLCs are commonly used in facilities such as power plants, water treatment facilities and gas pipelines. The worm mainly relies on multiple previously known zero-day exploits to infect computers.


The malware was found mainly targeting ICS in Iran, Indonesia and India during 2007. Stuxnet’s effect was felt most strongly in Iran as early as 2007, where over 60% of infections were located. Many experts believe that Stuxnet destroyed 1000 centrifuges in the Iranian nuclear facility at Natanz.


Modus Operandi


When it infects a computer, Stuxnet checks whether the computer is connected to specific models of PLCs manufactured by Siemens. The malware looks for Siemens' STEP 7 software, which is used to control PLCs.


Once it locates a machine with STEP 7, Stuxnet begins to inject false information into the PLC, thereby intercepting the actual data generated. Based on the false information injected, the PLC reports false operating states back to STEP 7 in order to show that the machines are operating normally.


The ..
