Stuxnet manifests the beginning of the new age of cyber-warfare, according to Kaspersky Lab
WOBURN, MA - September 24, 2010 - The recent Stuxnet worm attack is sparking lots of discussion and speculation
about the intent, purpose, origins and - most importantly - the identity of the
attacker and target.
Kaspersky Lab has not seen enough evidence to identify the attackers or the
intended target but we can confirm that this is a one-of-a-kind, sophisticated
malware attack backed by a well-funded, highly skilled attack team with
intimate knowledge of SCADA and ICS technology.
We believe this type of attack could only be conducted with nation-state
support and backing.
Eugene Kaspersky, co-founder and chief executive
officer of Kaspersky Lab, describes Stuxnet as the opening of “Pandora’s
Box.” “Stuxnet was not designed to steal
money, send spam, grab personal data. It
was designed to sabotage plants, to damage industrial systems. This is the
turning point and we are entering a new world. The ’90s were a decade of
cyber-vandals, the 2000s were a decade of cybercriminals. Now we are entering the decade of
cyber-terrorism, cyber-weapons and cyber-wars.”
Researchers at Kaspersky Lab independently discovered two of the four separate
zero-day vulnerabilities the worm exploited.
Our analysts reported two of these new vulnerabilities directly to
Microsoft and coordinated closely with the vendor during the creation and
release of software fixes.
In addition to exploiting four zero-day vulnerabilities, Stuxnet also used
two valid certificates (from Realtek and JMicron) which helped to keep the
malware under the radar for quite a long period of time.
The worm’s ultimate aim was to access Simatic WinCC SCADA systems, which are used
as industrial control systems that monitor and control industrial,
infrastructure, or facility-based processes. Similar systems are widely used in
oil pipelines, power plants, large communication systems, airports, ships, and
even military installations globally.
The inside knowledge of SCADA technology, the sophistication of the
multi-layered attack, the use of multiple zero-day vulnerabilities and
legitimate certificates bring us to an understanding that Stuxnet was created
by a team of extremely skilled professionals who possessed vast resources and
The target of the attack and the geography of its outbreak (primarily Iran)
suggest that this was not a regular cyber-criminal group. Moreover, our
security experts who analyzed the worm code insist that Stuxnet’s primary goal was
not to spy on infected systems, but to conduct sabotage. All the facts listed
above indicate that Stuxnet development was likely to be backed by a nation
state, which had strong intelligence data at its disposal.
Kaspersky Lab believes that Stuxnet is a working prototype of a cyber-weapon
that will lead to the creation of a new arms race in the world.