Iran confirms Stuxnet attack on nuclear site

The Stuxnet malware has infected thousands of computers inside Iran, with officials calling the situation 'electronic war' against the country
Written by Rupert Goodwins, Contributor

The Iranian Bushehr Nuclear Power Plant Executive confirmed on Sunday that its nuclear reactor project had been infected by the Stuxnet virus, but said that no significant harm had been done.

Stuxnet is complex self-replicating malware that uses Windows vulnerabilities to insert itself into Scada (supervisory control and data acquisition) industrial control systems made by Siemens, which it then scans for information to report back to its controllers over the internet. Under some conditions, it can then take control of the industrial systems.

Project manager Mahmoud Jaafari told the Islamic Republic News Agency that the virus had caused no damage to the main systems, and that the infection had been found in the personal computers of employees at the nuclear power plant. The incident had not delayed the completion of the plant, he said.

On Saturday, the Iranian news agency Mehr reported that 30,000 industrial computer systems had been infected. The director of the Information Technology Council of the Industries and Mines Ministry, Mahmoud Liali, told the agency that "an electronic war has been launched against Iran".

"[The Siemens Scada systems] are the main target of the worm, and even if the infected IPs are rid of it, the danger will persist until the virus has not been completely eliminated from the country," Mehr said, according to the Iran Daily newspaper.

"When activated, Stuxnet starts transmitting data about industrial production lines and office automation to the destination determined for it. There, the data is processed by the architects of the worm to hatch plots against the country," it quoted Mehr as saying.

In a technical advisory issued on 17 September, Siemens said: "The behavioral pattern of Stuxnet suggests that the virus is apparently only activated in plants with a specific configuration... This means that Stuxnet is obviously targeting a specific process or a plant and not a particular brand or process technology and not the majority of industrial applications."

According to Symantec, some 60 percent of network traffic generated by Stuxnet over the summer came from Iran.
