Stuxnet: The World's First Terrifying Digital Weapon
Stuxnet is a malicious computer worm that was first discovered in June 2010 after it paralyzed Iran's nuclear facilities. And to this day, Stuxnet is still a terrifying obsession for the global Internet.
Stuxnet is often used by hackers to exploit zero-day vulnerabilities in the Windows operating system. But Stuxnet doesn't just take over target computers or steal information from them; the malicious computer worm also escapes the digital world to physically destroy the devices it controls.
How did Stuxnet attack Iran's nuclear facilities?
Stuxnet was first discovered in 2010, when inspectors from the International Atomic Energy Agency (IAEA) discovered that many centrifuges at the Natanz plant (Iran), manufactured by Siemens to enrich uranium to power nuclear reactors, were malfunctioning.
It is worth noting that Iran's nuclear facilities are completely isolated, not connected to the internal network or the Internet.
A security team from Belarus discovered that the centrifuge malfunctions originated in the computers that operated the system, and that behind them was an extremely complex piece of malware. The malware spread through the USB port and quickly infected the programmable logic controllers (PLCs) that controlled the centrifuges, then sabotaged them.
Centrifuges at Iran's nuclear facilities are set to spin at extremely high speeds, creating forces many times greater than gravity to separate elements from uranium.
After Stuxnet entered the system, it closed the escape valves on a random number of centrifuges, allowing gas to enter but not escape, causing the pressure inside the centrifuges to increase, wasting time and gas.
Iranian President Mahmoud Ahmadinejad during a tour of centrifuges at the Natanz plant in 2008 (Photo: Office of the Iranian President).
The danger is that Stuxnet infiltrates the system for weeks, and after briefly speeding up the centrifuges it slows them down to standard rates. This makes its activity difficult to detect.
Additionally, in order to conceal its presence and activity on the system, Stuxnet also sends sensor signals to control industrial processes.
Unlike conventional malware, Stuxnet continued to spread even after it was discovered. That's why researchers call it a "digital weapon."
Why is Stuxnet dangerous?
Cybersecurity companies call Stuxnet a computer worm, which can be much more sophisticated than a typical computer virus.
Unlike viruses, computer worms do not require human interaction to activate, but spread automatically, sometimes very quickly after entering a system.
In addition to deleting data, computer worms can cause other harmful effects such as overloading networks, opening "backdoors", consuming bandwidth, reducing hard drive space and dropping other dangerous malware such as rootkits, spyware and ransomware.
Stuxnet weakened nearly 1,000 Iranian centrifuges in 2010. The worm is considered by experts to be an extremely complex piece of code and would be extremely dangerous if its impact were taken lightly.
The attackers first managed to infect computers belonging to five outside companies, believed to be somehow involved in the nuclear program, with malware that would then spread and carry the weapon on USB sticks into the protected facility and onto the Siemens computers.
At that time, no security system could "scan" for Stuxnet's existence. According to experts, Stuxnet's main method of spreading was USB.
Stuxnet, after attacking Iran's nuclear facilities, was accidentally released to the outside world. Stuxnet was later detected in Germany, France, India and Indonesia.
Stuxnet's modus operandi also paved the way for other dangerous attacks to come. In 2015, German researchers created another computer worm, called PLC Blaster. They used part of Stuxnet's modus operandi, and were able to target the Siemens S7 series PLCs.
A Stuxnet-like scenario could still happen in 2024, says cybersecurity organization Stormshield, as there will always be zero-day vulnerabilities that give cybercriminals an offensive advantage.