Stuxnet is cyber weapon and computer worm. It was used to sabotage Iran’s nuclear program with what would seem like a long series of unfortunate accidents.[1] It was first released in 2006.[2] It became known only after the release of the second version.[3] In 2010, an error in the code led the virus to spread outside the test labs and infect computers around the world.[4]
Both the United States and Israel have been accused of developing and releasing Stuxnet.[5] In 2012 the US confirmed that it developed Stuxnet with Israel.[4]
Stuxnet targets PLCs. They control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Stuxnet works by targeting machines using the Microsoft Windows operating system and networks. It then looks for Siemens Step7 software. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[6] Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges.[3]
Stuxnet is typically introduced to the target environment via an infected USB flash drive. The worm then spreads across the network, scanning for Siemens Step7 software on computers controlling a PLC. If it doesn't find a target, Stuxnet becomes dormant inside the computer.
Stuxnet is special for different reasons:
Even though it targeted PLCs only very few were infected. The software is written to infect a specific set of PLC, with well-defined modules. In the case of a personal computer, it will infect any computer running the right software.