Stuxnet worm entered Iran's nuclear facilities through hacked suppliers

You may have heard the common story of how Stuxnet spread: the United States and Israel reportedly developed the worm in the mid-2000s to mess with Iran's nuclear program by damaging equipment, and first unleashed it on Iran's Natanz nuclear facility through infected USB drives. It got out of control, however, and escaped into the wild (that is, the internet) sometime later. Relatively straightforward, right? Well, you'll have to toss that version of events aside -- a new book, Countdown to Zero Day, explains that this digital assault played out very differently.

Researchers now know that the sabotage-oriented code first attacked five component vendors that are key to Iran's nuclear program, including one that makes the centrifuges Stuxnet was targeting. These companies were unwitting Trojan horses, security firm Kaspersky Lab says. Once the malware hit their systems, it was just a matter of time before someone brought compromised data into the Natanz plant (where there's no direct internet access) and sparked chaos. As you might suspect, there's also evidence that these first breaches didn't originate from USB drives. Researchers saw that Stuxnet's creators compiled the first known worm mere hours before it reached one of the affected companies; unless there was someone on the ground waiting to sneak a drive inside one of these firms, that code reached the internet before it hit Natanz.

This attack-a-trusted-user technique isn't shocking in light of the National Security Agency's frequent use of malware against network administrators, and it supports leaks suggesting that Stuxnet has American roots. That's reinforced by additional claims in the book; it notes that the closely linked Duqu worm may have served as a "forward scout," swiping security certificate technology that could be used to make rogue code (possibly including Stuxnet) appear legitimate. With that said, Kaspersky and other investigators have yet to confirm the origins of the cyberattacks. They can tell you where Stuxnet and Duqu went, but not where they started.

[Image credit: IIPA via Getty Images]
