Friday, September 5, 2025

Aberrant Code--Stuxnet and the Dawn of Cyberwar (2009-2010, exposed June 2010)

Stuxnet was a worm targeting industrial control systems, uncovered in 2010. It targeted the Siemens Step7 and WinCC environments, i.e., a group of PLCs, at the Natanz enrichment facility in Iran. It crossed the air gap via USB, chained multiple zero-day exploits, including the LNK vulnerability in Windows, and evaded detection by signing its driver with a stolen certificate. Once it reached the target, it monitored the control network and rewrote the PLC logic to periodically overload and slow down the centrifuge rotation only when specific conditions were met, while displaying normal values on the monitoring screen to deceive operators. The half-megabyte, multilayered code is self-hiding, self-erasing, and rigorously targeted to prevent unnecessary destruction. In 2009-2010, many IR-1s were reportedly replaced, and US and Israeli involvement in an attempt to delay the nuclear program was pointed out (without official authorization). The incident, which coincided with the tightening of sanctions against Iran and the operationalization of the U.S. Cyber Army, made OT vulnerabilities visible and marked a turning point in the chain of events leading to Duqu and Flame.
