
First Victims of the Stuxnet Worm Revealed

An anonymous reader writes: Analyzing more than 2,000 Stuxnet files collected over a two-year period, Kaspersky Lab can identify the first victims of the Stuxnet worm. Initially security researchers had no doubt that the whole attack had a targeted nature. The code of the Stuxnet worm looked professional and exclusive; there was evidence that extremely expensive zero-day vulnerabilities were used. However, it wasn't yet known what kind of organizations were attacked first and how the malware ultimately made it right through to the uranium enrichment centrifuges in the particular top secret facilities. Kaspersky Lab analysis sheds light on these questions.
  • by halivar ( 535827 ) <bfelger&gmail,com> on Tuesday November 11, 2014 @05:44PM (#48363857)

    You can always count on Bob to open any email he sees that has "Miley Cyrus" in the subject line. Had to clean out his system three times this month. Damn you, Bob. This is all your fault.

  • Why is it surprising that it eventually co-opted uranium enrichment facilities? Wasn't it developed for such a purpose?
  • Save the suspense (Score:5, Informative)

    by jbmartin6 ( 1232050 ) on Tuesday November 11, 2014 @06:02PM (#48364031)
    Why is the summary being coy about the first thing anyone will ask upon reading it? That is pointless. Here:

    It took us a long time to establish what organization it really was, but ultimately we succeeded in identifying it with a high degree of certainty. It is called Foolad Technic Engineering Co (FIECO). It is an Iranian company with headquarters in Isfahan. The company creates automated systems for Iranian industrial facilities (mostly those producing steel and power) and has over 300 employees. The company is directly involved with industrial control systems.

    • by Anonymous Coward

      Thanks. It seemed clearly clickbait. Now that you extracted the relevant part, I don't have to give them the click-through.

    • by n3r0.m4dski11z ( 447312 ) on Tuesday November 11, 2014 @06:47PM (#48364377) Homepage Journal

      Maybe if you RTFA you would notice that it is a bit more complicated than that. The organization or individual who went after the centrifuges infected at least 5 different companies. An electric company, a steel manufacturer, 2 different industrial supply companies and a military importer/exporter company. These targets were all brand new infections, not passed from org to org. So they would have had to break security at at least 5 firms independently. Not too shabby.

      You should read the second link, because it is quite fascinating. Whoever did it exploited the servers directly (as opposed to laptop vectors or smart phones or what have you), and even went so far in two of the companies as first infecting the virus scan servers (one machine named kaspersky, another avserver...). Must have been awfully ballsy and confident about their virus's stealth.

      So we have learned that it was a directed attack, over multiple targets, the initial infection was most likely delivered by network access and not by USB.

      I think your summary misses most of the interesting parts. The name of the one company with hardly any context would not have added to the slashdot summary at all and would most likely make people miss out on nice simple deconstruction which the second link provides.

      • Like you, I found the investigation to be interesting. I have read a lot previously on this infection and the virus itself since it was very unique (kernel can load and unload modules on the fly, polymorphic and encrypted traffic), etc. This just makes it even more interesting in my opinion.

      • With a clickbait summary like this, I actively avoided RTFA.
  • I think I lost interest in anything this article says when I read "extremely expensive zero-day vulnerabilities".

  • by BoRegardless ( 721219 ) on Tuesday November 11, 2014 @06:14PM (#48364095)

    There are those who are spies and paid well to do their work.

  • A well-done hack (Score:4, Insightful)

    by sirwired ( 27582 ) on Tuesday November 11, 2014 @06:32PM (#48364259)

    No matter which "side" you are on, you have to admire how well it worked; doing exactly what it was designed to for quite a while before being discovered. I'd put it on a level with the legendary DirecTV "Black Sunday" program.

    • @sirwired: 'No matter which "side" you are on, you have to admire how well it worked; doing exactly what it was designed to for quite a while before being discovered. I'd put it on a level with the legendary DirecTV "Black Sunday" program.'

      Yes, all it required was a USB socket and Windows :)
