Iran targeted by industrial theft worm

Stuxnet worm which attempts to steal industrial control systems data hits Iran hardest

Tags: Cyber crimeIranSymantec Corporation
  • E-Mail
Iran targeted by industrial theft worm The Stuxnet worm targets Siemens industrial control systems, and attempts to steal design documents and data.
By  Mark Sutton Published  July 26, 2010

Iran appears to have been the main target of the Stuxnet worm, which tries to steal data from industrial control systems.

The worm, which was first discovered last month, targets Siemens SCADA (supervisory control and data acquisition) management systems, which are most commonly used in industrial manufacturing facilities and utilities plants.

The worm, which is propagated by infected USB drives, uses a legitimate digital certificate from a major third party and a previously unknown bug in Windows, to attempt to find SCADA systems and design documents, and then upload them to an online command and control server, in what appears to be an attempt to steal industrial documents.

According to data collated by Symantec, almost 60% of all infected systems are in Iran, with Indonesia accounting for a further 18% of infections and India 8%. Although Symantec was not able to give a reason or a culprit for the attacks, security researcher Vikram Thakur, wrote in a Symantec blog, that: "It is evident that W32.Stuxnet was created and distributed with the intent of stealing critical infrastructure documents in organizations in specific countries."

The company says it is still analysing the situation.

A free virus scanner posted by Siemens earlier this week has been downloaded 1,500 times, according to the company.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code