Stuxnet

Malware updated 25 days ago (2024-08-14T09:34:25.012Z)
Stuxnet, discovered in 2010, is one of the most notorious malware attacks in history, primarily targeting Windows systems, programmable logic controllers (PLCs), and supervisory control and data acquisition (SCADA) systems. The military-grade cyberweapon was co-developed by the United States and Israel as part of a full-scale military cyberattack plan against Iran known as "NITRO ZEUS." Stuxnet specifically targeted Iran's nuclear enrichment facility at Natanz, degrading its operations. It marked a significant evolution in state-level cyber warfare tactics, demonstrating how cyberattacks can be integrated into the broader military toolkit. Despite its initial containment within the intended target, Stuxnet eventually escaped into the wild, demonstrating the inherent risk associated with cyber weaponry. This malware, which has left a significant mark on the SCADA world, is more than a decade old now but still serves as a reference point for potential cyber threats. In fact, researchers have outlined how future attackers could potentially outperform Stuxnet by using web-based PLC malware to falsify sensor readings, disable safety alarms, and manipulate physical actuators. The repercussions of Stuxnet-style attacks are extensive and can lead to catastrophic outcomes. These include denial-of-service (DoS) efforts that take down electrical grids, privilege escalation and lateral movement allowing deeper penetration into operational technology (OT) environments, modification of settings to alter safety thresholds for power generators, and remote compromise of PLCs halting water sector operations. Despite its age, Stuxnet continues to be a model for destructive malware attacks that can permanently disrupt a site's ability to function, underscoring the need for robust cybersecurity measures in critical infrastructure sectors.
Description last updated: 2024-08-14T09:09:33.550Z
Aliases: none currently tracked.
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Malware, Worm, Ics, Exploit, Windows, State Sponso..., Nuclear, Exploits, Zero Day, Denial of Se..., Iran, Trojan, Industrial
Associated Malware
Each entry lists ID (association type, votes): profile description.

TRITON (Unspecified, 4 votes): Triton is a sophisticated malware that has been historically used to target the energy sector. It was notably used in 2017 by the Russian Central Scientific Research Institute of Chemistry and Mechanics (TsNIIkhM) to attack a Middle East petrochemical facility. The malware, also known as Trisis and

WannaCry (Unspecified, 3 votes): WannaCry is a type of malware, specifically ransomware, that gained notoriety in 2017 as one of the largest and most damaging cyber-attacks to date. The malicious software exploits vulnerabilities in computer systems to encrypt data, effectively holding it hostage until a ransom is paid. It primaril

Duqu (Unspecified, 2 votes): Duqu is a sophisticated piece of malware that was first discovered in the wild exploiting a zero-day vulnerability (CVE-2011-3402). It's closely related to the notorious Stuxnet worm, which infected thousands of computers across 155 countries and caused significant damage to Iran's nuclear-enrichmen

BlackEnergy (Unspecified, 2 votes): BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks a

Shamoon (Unspecified, 2 votes): Shamoon is a malicious software (malware) known for its destructive capabilities, particularly in wiping out data from infected systems. It first gained notoriety in 2012 when it was used in an attack on Saudi Aramco, crippling approximately 30,000 systems at the company. The malware replaced the co

NotPetya (Unspecified, 2 votes): NotPetya is a notorious malware that emerged in 2017, widely attributed to the Russian hacking group APT28, also known as Sandworm. This malicious software was primarily an act of cyberwar against Ukraine, delivered through updates to MeDoc accounting software, a technique known as a supply chain at

Flame (is related to, 2 votes): Flame is a sophisticated form of malware, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, Flame has the ability to steal personal information, disrupt operations, or hold data
Associated Threat Actors
Each entry lists ID (association type, votes): profile description.

Havex (Unspecified, 2 votes): Havex, also known as Dragonfly or the Energetic Bear RAT, is a prominent threat actor in the cybersecurity landscape. First spotted in 2013, Havex was part of a broad industrial espionage campaign that specifically targeted Supervisory Control and Data Acquisition (SCADA) and Industrial Control Syst
Source Document References
Information about the Stuxnet Malware was read from the documents corpus below. This display is limited to 20 results.
Each entry lists source, creation time: title.

BankInfoSecurity, 6 months ago: Embedded PLC Web Servers a Vector to New Class of OT Malware
DARKReading, a month ago: Is Our Water Safe to Drink? Securing Our Critical Infrastructure
Quick Heal Technologies Ltd., a month ago: Think Your Computer is Safe? Unmasking the Most Famous Computer Viruses in the Cyberworld!
DARKReading, 2 months ago: Novel ICS Malware Sabotaged Water-Heating Services in Ukraine
DARKReading, 3 months ago: CISO Corner: Apple's AI Privacy Promises; CEOs in the Hot Seat
DARKReading, 3 months ago: Rockwell's ICS Directive Comes As Critical Infrastructure Risk Peaks
Securityaffairs, 5 months ago: Blackjack group used ICS malware Fuxnet against Russian targets
CERT-EU, 6 months ago: What is the optimal technology stack for Operational Technology Cybersecurity: Learnings from an IBM OT Security Leader | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU, 6 months ago: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading, 6 months ago: CISO Corner: NSA Guidelines; a Utility SBOM Case Study; Lava Lamps
DARKReading, 6 months ago: The Ongoing Struggle to Protect PLCs
CERT-EU, 6 months ago: 'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU, 6 months ago: We're Slowly Learning About China's Extensive Hacking Network | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading, 6 months ago: 'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs
CERT-EU, 6 months ago: Operational Technology Threats - ReliaQuest
CERT-EU, 6 months ago: Georgia Tech researchers warn of Stuxnet-style web-based PLC malware, redefining industrial cybersecurity threats - Industrial Cyber
DARKReading, 6 months ago: Improved, Stuxnet-Like PLC Malware Aims to Disrupt Critical Infrastructure
CERT-EU, 6 months ago: Potential compromise of new web-based PLC malware detailed
BankInfoSecurity, 6 months ago: Defending Operational Technology Environments: Basics Matter
CERT-EU, 6 months ago: UW Health says patient info compromised in cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting