Iran's Nuclear Facilities Once Attacked by Mysterious Virus

Iran’s nuclear facilities were once subjected to a sabotage attack in the form of a computer virus known as Stuxnet, which remains ‘mysterious’. According to the BBC, this cyber attack occurred in 2010. Computer researchers at the time explained that the complexity of Stuxnet could only be created by a nation. This malware was designed to target real-world infrastructure such as power plants, water treatment installations, and industrial units. The malware was first detected in June 2010. Researchers immediately conducted intensive studies. ‘The fact that we see more infections in Iran than anywhere else in the world makes us think that this threat was targeted at Iran and that there is something in Iran that is very, very valuable to whoever wrote it,’ said Liam O’Murchu from the security company Symantec, which has been tracking the worm since it was first detected. Characteristics of the Virus Initial research by Symantec showed that nearly 60% of all infections occurred in Iran. Unlike most viruses, this malware targeted offline systems. It infected Windows machines via USB flash drives—commonly used to transfer files—that were infected with the malware. After infecting machines on a company’s internal network, it searched for specific industrial control software configurations. Once hijacked, the code could reprogram PLC (programmable logic controller) software to give new instructions to connected industrial machines. However, the virus remains mysterious due to the complexity of the code used and the fact that it combined so many different techniques into a single payload. Origin of the Virus Still Mysterious According to O’Murchu’s analysis, the virus was part of a large project. The party capable of creating it was only a nation with substantial resources. ‘This is a very large, very well-planned, and very well-funded project,’ he said. ‘It has an extraordinary amount of code just to infect those machines.’ His analysis is supported by other research conducted by security companies and computer experts. This is not the first time malware has been found that affects critical infrastructure, although most incidents occur accidentally. Unique Type of Attack The virus is also considered unique. It could exploit several previously unknown vulnerabilities in commonly used operating systems that had not yet been patched. This attack is known as a zero-day exploit. ‘It’s rare to see an attack that uses one zero-day exploit,’ Mikko Hypponen, chief research officer at the security company F-Secure, told BBC News. ‘Stuxnet used not one, not two, but four.’ He said that cybercriminals and hackers usually do not carry out attacks in this model. To this day, the creator of the virus is unknown. However, in 2009, the US government acknowledged finding software capable of shutting down the national electricity grid. But it is not certain whether this is related to the virus that attacked Iran.