Researchers have revealed that the highly sophisticated Stuxnet worm was designed to exploit an unprecedented four zero-day vulnerabilities in a bid to disrupt industrial systems.
The worm first appeared in July and was spread via infected USB devices. The malware was specifically designed to target firms running supervisory control and data acquisition (Scada) systems, according to Symantec threat intelligence officer Patrick Fitzgerald.
These are industrial systems used to control manufacturing processes from centralised locations, for example to alter the motor work rate of a machine on a factory floor, or the pressure in a pipeline. Typical environments could be oil pipelines and power plants.
"It's the first threat we've seen that specifically targets industrial systems, which is why it's so serious because of the potential outcomes," said Fitzgerald.
Stuxnet exploits an unpatched zero-day Windows vulnerability to gain initial access to the network, before exploiting a second flaw to try to spread internally within the network.
"It hops from machine to machine until it locates a machine with Scada on it, then reports via a command-and-control system to the attacker," explained Fitzgerald.
"The remaining two zero-day vulnerabilities are used to get the system level privileges it needs."
Given the time and effort required to craft this highly sophisticated attack, Fitzgerald argued that it could be the work of state-sponsored hackers, although he admitted that there is no firm evidence of this.
The highest concentration of infections found globally thus far has been in Iran, he said, adding weight to the theory.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago