Sign In

Communications of the ACM

ACM TechNews

Stuxnet's Earlier Version Much More Powerful and Dangerous, New Analysis Finds

View as: Print Mobile App Share:
A representation of the Stuxnet worm/virus.

A researcher who reverse-engineered a version of the Stuxnet work developed in 2005 and a later version discovered in 2010 found the earlier version was much stronger and more sophisticated.


The version of the Stuxnet worm that was developed in 2005 was much stronger and more sophisticated than the version that was discovered in 2010 after being used in a cyberattack against an Iranian nuclear facility, according to an analysis by the Langner Group's Ralph Langner. He reverse-engineered the code of the two versions of Stuxnet and found that the early version of Stuxnet, which has been nicknamed Stuxnet 0.5, was designed to infect Siemens S7-417 controllers in order to overpressure the gas centrifuges that were utilized in the uranium enrichment process.

By comparison, the later version of Stuxnet targeted the Siemens S7-315 controller and was designed to accelerate the rate at which the centrifuges spun in order to disable them.

Langner says the first version of the attack would have caused catastrophic damage to the Natanz facility, as it would have resulted in the destruction of hundreds of centrifuges per infected controller. However, the large amount of destruction would have made it more likely that Stuxnet 0.5 would have been detected by Iranian engineers following such an attack.

Langner believes the change in Stuxnet's capabilities is likely indicative of a change in the policy and strategy underlying the attack, as well as a change in the stakeholders involved.

From Dark Reading
View Full Article



No entries found