RSA 2013: Symantec Reveals New Stuxnet Details
Stuxnet was around long before the malware was used in a high-profile nation-state attack in 2010, finds new research from Symantec.
SAN FRANCISCO: In 2010 the world became aware of Stuxnet, perhaps the first piece of nation-state malware designed to attack critical infrastructure, when a worm hit systems at an Iranian nuclear facility.
According to new research announced by Symantec at the RSA 2013 conference, Stuxnet has been around since at least 2005. During his keynote, Francis DeSouza, president of Product and Services at Symantec, referred to an early version of Stuxnet from 2005 that his team has dubbed Stuxnet 0.5.
This earlier version of Stuxnet is a bit different from the one that disabled nuclear facilities in Iran. "What Stuxnet 1.0 did is, it attacked the high-frequency centrifuge motors and it disabled the plant by accelerating those motors," DeSouza said.
In contrast, Stuxnet 0.5 went after the valves that control the flow of uranium hexafluoride into the centrifuges. "It turns out you can cause a lot of damage by messing with the high pressure in a centrifuge in a uranium enrichment facility," DeSouza said.
Despite the large amount of research that has been conducted into Stuxnet since the Iranian attack in 2010, it is still not definitively known who created it. The prevailing notion is that the state of Israel, with the support of the U.S., was behind Stuxnet -- although neither government has officially confirmed the allegation.
Symantec's new research shows that attacks against infrastructure are somewhat older than first thought, DeSouza pointed out.
"We are now entering close to the end of the first decade of weaponized malware," DeSouza said. "As newer variants including Duqu and Flame, the sophistication of these cyber-weapons has continued."