The Christian Science Monitor, citing expert analysis, ran a story on Tuesday reporting that the Stuxnet worm was a directed attack on a nuclear power plant in Iran.
Stuxnet appeared on the scene earlier this summer, though it was written more than a year ago. The code, its mechanics, the way it moved from system to system using zero-day vulnerabilities in Windows: everything about it was both frightening and shady. The hype given to it was justified, if only because it was a targeted payload, aimed at critical infrastructure.
“With the forensics we now have it is evident and provable that Stuxnet is a directed sabotage attack involving heavy insider knowledge,” wrote Ralph Langner, the CEO of Langner Communications, on the company website.
Langner’s research, as well as information from other experts who have seen it, was the basis for the Monitor story.
“The attack combines an awful lot of skills – just think about the multiple 0day vulnerabilities, the stolen certificates etc. This was assembled by a highly qualified team of experts, involving some with specific control system expertise.”
Based on painstaking research, Langner determined that Stuxnet was programmed to target a single system by fingerprinting it. If the system in question is the one targeted, Stuxnet launches the attack. Otherwise it will remain dormant.
When Stuxnet attacks, it intercepts code from Simatic Manager that is being loaded to the Programmable Logic Controller (PLC).