Stuxnet, discovered in 2010, is widely regarded as the first digital weapon: malware built to sabotage Iran’s uranium enrichment program. Reportedly developed jointly by the United States and Israel, it compromised Windows hosts running Siemens engineering and SCADA software and, through them, the programmable logic controllers driving gas centrifuges, causing physical damage while evading detection for an extended period. Stuxnet demonstrated that malware can destroy real-world equipment and marked a new era of cyber warfare. Affected: Iran’s Nuclear Program, Industrial Control Systems
Keypoints :
- Stuxnet is a state-sponsored computer worm targeting Iran’s nuclear facilities.
- It was allegedly developed by the United States and Israel under “Operation Olympic Games.”
- The malware specifically targeted Siemens S7 PLCs and the frequency converter drives controlling gas centrifuges; hosts that were not running the Siemens Step 7 and WinCC software were infected but left otherwise unharmed.
- Stuxnet was carried in on USB drives because the Natanz facility was air-gapped; once inside, it also spread across the local network through shared printers, network shares and the Server service.
- It utilized four Windows zero-day vulnerabilities to infiltrate and escalate privileges on hosts, plus a default WinCC database password to reach the control software.
- To hide its actions, the malware recorded a window of normal PLC sensor readings and replayed it to the monitoring software while the real process was being manipulated, so operators saw nominal values.
- Stuxnet injected its own code into the PLC programs and periodically drove centrifuge rotor speeds outside their safe operating range, damaging centrifuges and delaying Iran’s nuclear progress.
- The cyberattack strategy has influenced subsequent cyber weapons like “Duqu,” “Flame,” and “Triton.”
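The replay trick described above (recorded normal readings fed back to the monitoring side) is worth seeing in code from the defender’s angle. The example below is an added illustration, not code from the original post or from any Stuxnet analysis: it constructs synthetic centrifuge-speed telemetry, models a compromised PLC looping a recorded window of honest readings, and runs a simple detector that flags exact, non-overlapping repetition of a sample window, which honest continuous-valued sensor data never produces. The nominal speed, noise level, window sizes and stream lengths are all assumptions chosen for the demonstration.

```python
import random


def make_live_telemetry(n, base=1064.0, noise=0.5, seed=1):
    """Synthetic centrifuge-speed samples (Hz) from an honest sensor path.

    Constructed data: a nominal speed plus Gaussian process noise. Real
    readings never repeat exactly, which is the property the detector uses.
    """
    rng = random.Random(seed)
    return [round(base + rng.gauss(0.0, noise), 3) for _ in range(n)]


def make_replayed_telemetry(recorded, total):
    """Model of what a compromised PLC hands to the HMI: a recorded window of
    normal readings looped for as long as the real process is manipulated.

    `recorded` is the captured window, `total` the stream length to emit.
    """
    out = []
    while len(out) < total:
        out.extend(recorded)
    return out[:total]


def find_repeated_windows(samples, window):
    """Return (first_index, repeat_index) pairs for every `window`-sample
    block that recurs exactly at a later, non-overlapping position.

    Honest continuous-valued telemetry yields no pairs; a looped replay
    yields one pair for every position after the first loop completes.
    """
    first_seen = {}
    hits = []
    for i in range(len(samples) - window + 1):
        key = tuple(samples[i:i + window])
        prev = first_seen.get(key)
        if prev is not None and i >= prev + window:
            hits.append((prev, i))
        else:
            # Remember only the earliest position of each distinct window.
            first_seen.setdefault(key, i)
    return hits


def looks_replayed(samples, window=10):
    """True if any exact non-overlapping repeat of `window` samples exists."""
    return bool(find_repeated_windows(samples, window))


if __name__ == "__main__":
    live = make_live_telemetry(200)
    recorded = make_live_telemetry(21, seed=7)  # the attacker's captured window
    replayed = make_replayed_telemetry(recorded, 200)
    print("live stream flagged?     ", looks_replayed(live))
    print("replayed stream flagged? ", looks_replayed(replayed))
    print("first repeat (orig, copy):", find_repeated_windows(replayed, 10)[0])
```

The check is deliberately narrow: it catches a verbatim loop, which is the cheapest replay to build, but an attacker who adds fresh jitter to each replayed sample defeats it. The robust control is the one Stuxnet’s victims lacked: an independent measurement path (for example a separate vibration or speed sensor that does not pass through the PLC) against which the HMI’s values are reconciled.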
MITRE Techniques :
- T1091 – **Replication Through Removable Media**: spread via USB drives using the Windows Shell LNK vulnerability (CVE-2010-2568, MS10-046), which executed the payload as soon as an infected drive was browsed in Explorer.
- T1210 – **Exploitation of Remote Services**: exploited the Windows Print Spooler vulnerability (CVE-2010-2729, MS10-061) and the Server service RPC vulnerability (CVE-2008-4250, MS08-067) to copy itself to other hosts on the network.
- T1068 – **Exploitation for Privilege Escalation**: used the Win32k.sys keyboard-layout vulnerability (CVE-2010-2743, MS10-073) and the Task Scheduler vulnerability (CVE-2010-3338, MS10-092) to gain SYSTEM privileges on infected hosts.
- T1553.002 – **Subvert Trust Controls: Code Signing**: installed its kernel-mode drivers signed with certificates stolen from Realtek and JMicron, so they loaded as legitimate signed code and kept the infection resident across reboots.
- T1078.001 – **Valid Accounts: Default Accounts**: logged in with the hard-coded credentials of the Siemens WinCC SQL Server database to reach the process database and, from there, the PLC programming path.
Full Story: https://medium.com/@eziyo246/stuxnet-an-overview-8916f74ca538?source=rss——malware-5