Wednesday, 12 November 2014 16:27

Kaspersky Lab identifies Stuxnet Patient Zero: first victims


The infamous Stuxnet worm that disabled Iranian nuclear centrifuges has been under intense investigation by Kaspersky Lab and other security firms, with Kaspersky revealing more information.

More than four years ago, the Stuxnet worm was discovered and found to be ‘one of the most sophisticated and dangerous malicious programs’; it was also considered to be ‘the world’s first cyber-weapon’.

There have been many mysteries around the story, but one major question revolves around what the exact goals of the whole Stuxnet operation were.
Kaspersky Lab has analysed more than 2,000 Stuxnet files over the last two years, with its researchers now able to identify the first victims of the worm.
Initially, Kaspersky’s and other security researchers had no doubt that the whole attack had a targeted nature.

The company says that the code of the Stuxnet worm looked professional and exclusive, with evidence that extremely expensive zero-day vulnerabilities were used.

Even so, it wasn’t yet known what kinds of organisations were attacked first, nor how the malware ultimately made it right through to the uranium enrichment centrifuges of top secret facilities.
Kaspersky’s new analysis sheds light on these questions.

It turns out that ‘all five of the organisations that were initially attacked operate within the Industrial Control Systems (ICS) area in Iran, developing ICS or supplying materials and parts.’

The fifth organisation to be targeted, explains Kaspersky, is the most intriguing because, ‘among other products for industrial automation, it produces uranium enrichment centrifuges’, with this ‘precisely the kind of equipment that is believed to be the main target of Stuxnet.’
The company says that ‘it is believed the attackers expected that these organisations would exchange data with their clients – such as uranium enrichment facilities – and this would make it possible to get the malware inside these target facilities. The outcome suggests that the plan was indeed successful.’
Kaspersky Lab experts made yet another interesting discovery: ‘revealing that the Stuxnet worm did not only spread via infected USB memory sticks plugged into PCs. This factor shaped part of the initial theory, explaining how the malware could sneak into a place with no direct Internet connection.’
Its security researchers saw that the ‘data gathered while analysing the very first attack showed that the first worm’s sample (Stuxnet.a) was compiled just hours before it appeared on a PC in the first attacked organisation.’

Interestingly, ‘this tight timetable makes it hard to imagine that an attacker compiled the sample, put it on a USB memory stick and delivered it to the target organisation in just a few hours. It is reasonable to assume that in this particular case, the people behind Stuxnet used other techniques instead of a USB infection.’

Alexander Gostev, Chief Security Expert at Kaspersky Lab said: “Analysing the professional activities of the first organisations to fall victim to Stuxnet gives us a better understanding of how the whole operation was planned.”

“At the end of the day, this is an example of a supply-chain attack vector, where the malware is delivered to the target organisation indirectly via networks of partners that the target organisation may work with,” Gostev concluded.

You can read plenty more technical detail on various ‘previously unknown aspects of the Stuxnet attack’ in a blog post on Kaspersky Lab’s Securelist site. 

There is also a newly released book entitled ‘Countdown to Zero Day’ – by journalist Kim Zetter.

This book also includes previously undisclosed information about Stuxnet, some of which is based on interviews with members of Kaspersky Lab’s Global Research and Analysis Team who are helping to unravel the Stuxnet mystery.




Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows.


