All the latest UK technology news, reviews and analysis

Governments preparing Stuxnet 2.0 malware for nuclear strike

03 Dec 2013
Cooling towers at a nuclear power station

The Israeli and Saudi Arabian governments are working to create a new, even more destructive variant of the notorious Stuxnet malware, according to local Iranian news outlet Farsnews.

Farsnews reported that an unnamed source with links inside the Saudi Arabian secret service confirmed the news, warning the two nations plan to use it to further disrupt Iran's nuclear power program.

"Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel's Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on 24 November to increase the two sides' co-operation in intelligence and sabotage operations against Iran's nuclear program," claimed the unnamed source.

"One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet (a comprehensive US-Israeli program designed to disrupt Iran's nuclear technology) to spy on and destroy the software structure of Iran's nuclear program."

The original Stuxnet malware was uncovered targeting Iranian nuclear systems in 2010, and is believed to have been a joint project between the US and Israeli governments. The malware is considered a game changer in the security community for its ability to physically sabotage systems in power plants.

It is currently unclear if the Farsnews report is accurate, though director of security strategy at FireEye Jason Steer said it is certainly plausible.

"Given that this has already happened with Stuxnet, it is certainly more than plausible to believe that Stuxnet 2.0 is also possible. One would be naive to assume it wouldn't happen again. With the change in relationship between Iran and the US, it is highly likely that Israel and Saudi Arabia united to try and negate the threat of nuclear bombs on their front door,” he said.

The original Stuxnet worm hijacked control of Siemens industrial control systems, then forced them to alter key processes to damage machinery. The malware has since managed to spread outside of Iran and has affected several other power plants, some close to Europe.

Steer told V3 that, given how successful the original Stuxnet was at spreading, the fallout of a more advanced variant could be devastating for power plants, but will be of little concern to most regular businesses.

“Stuxnet was pretty powerful at disrupting the SCADA environment it was introduced to and has since jumped and gone into the wild – where it has even appeared on the International Space Station and Russian power stations, that we are aware of. So we should expect Stuxnet 2.0 to have an impact of a similar nature,” he said.

“Most businesses don't run SCADA [supervisory control and data acquisition] systems so unless you run a refinery, oil pipeline or something similar, then they will be safe from these types of industrial-style attacks. Most businesses should be more worried about the cybercrime attacks that wash up via email and on web pages their employees surf to every day that will enable remote access capabilities to their network, like Zeus and Houdini, that are exfiltrating data out of their business.”

Security tycoon Eugene Kaspersky confirmed in November that at least one Russian Nuclear Plant has been very badly infected by Stuxnet. Security experts have since said it is only a matter of time before a Stuxnet infection is discovered in the UK.

Attacks on critical infrastructure areas, such as power, are a growing problem facing governments and businesses. Numerous other cyber attacks have been uncovered hitting companies involved in critical infrastructure areas, and many of these attacks are currently believed to stem from China.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Related jobs

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Product Manager - Enterprise Software Vendor - London

Senior Product Manager sought for Global Enterprise Software...

Director - Business Analysis to 115k base fx banking

Director - Business Analysis - FX banking to c.115k base...

Mobile Application Developer (iOS, Android, Core Animation, C++

Mobile Application Developer (iOS, Android, Core Animation...

Head of IT (Business Systems)

Head of IT with retail experience currently required...
To send to more than one email address, simply separate each address with a comma.