According to the Wall Street Journal's Rachael King, the Stuxnet malware infected Chevron's network in 2010.
"Chevron is the first U.S. company to acknowledge that its systems were infected by Stuxnet, although most security experts believe the vast majority of hacking incidents go unreported for reasons of security or to avoid embarrassment," King writes. "The devices used in industrial equipment and targeted by Stuxnet are made by huge companies, including Siemens (whose devices were in use at Iran’s facility). Millions of these devices have been sold around the world, so potentially every industrial company that uses these devices, called programmable logic controllers, or PLCs, are at risk of being infected."
"Stuxnet, which is alleged to be part of a US-led operation to stop Iran from becoming nuclear weapons-capable, infiltrated nuclear enrichment facilities in Natanz, Iran, in 2010 and successfully modified its industrial grade equipment to malfunction," writes ZDNet's Michael Lee. "Stuxnet's payload was specific to the systems in place in Iran, but its spreading mechanism was not as picky. As a result, the malware managed to escape from the facility and spread far beyond its initial target."
"A Chevron spokesperson told CNET that the company's network was not adversely affected by the virus," writes CNET News' Steven Musil. "'Two years ago, our security systems identified the Stuxnet virus. We immediately addressed the issue without incident,' a Chevron representative said."
"Analysts and former US military officers have touted cyber attacks as a more effective weapon against Iran's nuclear ambitions than bombing raids, which they say would carry big risks without causing permanent damage to the program," AFP reports. "But Chevron officials said the virus spread beyond Washington's control. 'I don't think the US government even realized how far (the virus) had spread,' Mark Koelmel, who oversees earth-science research and development at Chevron, told the Wall Street Journal."