Stuxnet worm hit five sites in Iran

The game-changing Stuxnet worm targeted five separate organisations in Iran dating back to June 2009, researchers from security firm Symantec have revealed in a new report.

The Security Intel Analysis Team said in a post on the official Symantec security blog that they have now accrued 3,280 unique samples of Stuxnet representing approximately 12,000 infections.

"While this is only a percentage of all known infections, we were able to learn some interesting aspects of how Stuxnet spread and where it was targeted, " the firm noted.

The Symantec W32.Stuxnet Dossier (PDF) said that the 12,000 infections can all be traced back to five organisations, all of which have a presence in Iran. Three were targeted once, one was targeted twice, and another was targeted three times.

The organisations were targeted in June 2009, July 2009, March 2010, April 2010, and May 2010.

It was originally thought that the Stuxnet attacks were aimed specifically at two main sites in Iran, the uranium enrichment plant at Natanz and/or the nuclear reactor at Bushehr.

Iranian officials have been tight lipped on the effect of the attacks. Iran's Mehr news agency reported in September that Stuxnet had infected "the IP addresses of 30,000 industrial computer systems" in the country, although it declined to be more specific about the incident at Bushehr.

Then Ali-Akbar Salehi, head of Iran's Atomic Energy Organisation, told the Islamic Republic News Agency in November that reports in the western media of damage to the country's uranium enrichment programme were wide of the mark.

Stuxnet has widely been described by security experts as a game-changer in terms of its sophistication and highly targeted nature, factors which have led to many suspecting that it may have been a state-sponsored attack by the US or Israel.