NY Times: Stuxnet Traced to Five Iranian Internet Domains

The Stuxnet Worm attempted to infiltrate five industrial complexes in Iran over a span of ten months, according to a report in the New York Times based on a Stuxnet Dossier published by Symantec.


Stuxnet was designed not only to attack industrial control systems built by Siemens Corporation, the company that built the control system regulating the spinning of uranium centrifuges at Natanz, but also to obscure itself by sending false information to the control computers monitoring the system, the report found.

Symantec researchers claim Stuxnet was written with two attack modes aimed at separate centrifuge arrays, one of which appeared to have been disabled, perhaps providing an explanation for the worm’s limited effectiveness. The worm was programmed to record data on the location and type of each computer it infected, a unique and seemingly counterproductive feature for a piece of malware. It was likely coded into the virus to allow the authors to keep tabs on its progress, and it was this same feature that allowed Symantec researchers led by Liam O Murchu to track it. Working from some 12,000 infected machines, the researchers connected the dots and traced the worm back to its origins in five Iranian Internet domains. Researchers have pointed out other ways in which the worm – claimed by many to be the most sophisticated piece of malware ever discovered in the wild – still suffered from shortcomings that allowed it to be detected.

While the report does not release the names of the companies linked to the suspected domains because of privacy policy restrictions, the Times report claims they are all linked to industrial processing within Iran.

Researchers believe that the attack was first launched via infected emails or USB thumb drives. The Natanz facility, a center for uranium enrichment in Iran, is not believed to be directly connected to the Web. Therefore, the attacks were likely aimed at industrial organizations that share information with the Natanz facility, in the hope that the virus would be transmitted along with any other data the facilities were sharing.

In January, The Times reported that evidence from the outbreak supported theories that the worm was a joint US-Israeli operation to delay or disable Iran’s nuclear enrichment program. 
