The official news agency of Iran confirmed this week that the Stuxnet worm has infested the PCs of staff working at the country's first nuclear power plant.
Staffers are working to remove the Windows-based malware from "several computers," but thus far the worm has not caused any damage to the major systems used by the plant, according to a report by the Associated Press, citing an Iranian official quoted by the Islamic Republic News Agency.
Security analysts say the Stuxnet worm, which first popped up in July, heralds a new era in targeted malware campaigns because it was created specifically to attack Supervisory Control and Data Acquisition (SCADA) systems, which are used to monitor and control industrial processes, especially critical infrastructure systems used by governments and corporations.
Iranian officials said the worm has spread to other industries within the country, and German security researchers have already discovered incidents of the worm in other areas, including Indonesia, Israel, Eastern Europe and the U.S.
Unlike other sophisticated malware campaigns, the Stuxnet outbreak suggests that the perpetrators are intent on taking over control of the targeted systems rather than just stealing information or disrupting the systems and data they attack, raising concerns that the worm may have been created by a government or government-sponsored entity specifically to attack another nation's infrastructure.
"Although the criminal hacker community is well-organized and well-resourced, it is unlikely that they would have invested so much effort in this one attack, which appears to be more politically than economically motivated," Graham Titterington, an analyst at IT research firm Ovum, said in a statement.
The U.S. and other countries have ratcheted up the rhetoric in the past year regarding both defending against coordinated malware attacks and using technology offensively to protect national-security interests.
"The Stuxnet worm appears to be an example of the growing tide of nation-state cyberattacks," Titterington said. "A survey of security managers at companies in the critical national infrastructure (CNI) sector of many western nations reported that many believe they have been attacked, and most expect an attempt to disable their CNI within two years."