{ "id": "e46ef9c4-1a2f-43c6-9176-5747b4d37273", "created_at": "2026-04-06T00:18:12.081389Z", "updated_at": "2026-04-10T03:35:29.179274Z", "deleted_at": null, "sha1_hash": "7eebbb189c095fa86bbed9ee26a2cc2946b4f0ba", "title": "Stuxnet", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 740860, "plain_text": "Stuxnet\r\nBy Contributors to Wikimedia projects\r\nPublished: 2010-09-16 · Archived: 2026-04-05 14:43:44 UTC\r\nStuxnet\r\nMalware details\r\nTechnical name\r\nAs Stuxnet\r\nBy Microsoft\r\nWorm:Win32/Stuxnet.[Letter]\r\nTrojanDropper:Win32/Stuxnet\r\nBy Symantec\r\nW32.Stuxnet\r\nW32.Stuxnet!lnk\r\nBy Sophos\r\nTroj/Stuxnet-[Letter]\r\nTrojan-Dropper.Win32.Stuxnet.[Letter]\r\nWorm.Win32.Stuxnet.[Letter]\r\nTR/Drop.Stuxnet.[Letter].[Number]\r\nBy Kaspersky\r\nWorm.Win32.Stuxnet\r\nBy F-Secure\r\nTrojan-Dropper:W32/Stuxnet\r\nRootkit:W32/Stuxnet\r\nBy Trend Micro\r\nRTKT_STUXNET.[Letter]\r\nLNK_STUXNET.[Letter]\r\nWORM_STUXNET.[Letter]\r\nType Dropper\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 1 of 28\n\nClassification Computer worm\r\nOrigin United States\r\nAuthor Equation Group\r\nTechnical details\r\nPlatforms\r\nWindows 2000\r\nWindows XP\r\nWindows Server 2003\r\nWindows Vista\r\nWindows Server 2008\r\nWindows 7\r\nWindows Server 2008 R2\r\nSource:\r\n[1]\r\nSize ~0.5MB\r\nWritten in C, C++ and others\r\nStuxnet is a malicious computer worm first uncovered on 17 June 2010[2] and thought to have been in\r\ndevelopment since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is\r\nbelieved to be responsible for causing substantial damage to the Iran nuclear program after it was first installed on\r\na computer at the Natanz Nuclear Facility in 2009.[3][4] Although neither the United States nor Israel has openly\r\nadmitted responsibility, multiple independent news organizations claim Stuxnet to be a cyberweapon built jointly\r\nby the two countries in a collaborative effort known as Operation Olympic Games.\r\n[5][6][7]\r\n The program, started\r\nduring the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.\r\n[8]\r\nStuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of\r\nelectromechanical processes such as those used to control machinery and industrial processes including gas\r\ncentrifuges for separating nuclear material. Exploiting four zero-day flaws in the systems,[9] Stuxnet functions by\r\ntargeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7\r\nsoftware. Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing\r\nthe fast-spinning centrifuges to tear themselves apart.[3] Stuxnet's design and architecture are not domain-specific\r\nand it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g., in factory assembly\r\nlines or power plants), most of which are in Europe, Japan and the United States.[10] Stuxnet reportedly destroyed\r\nalmost one-fifth of Iran's nuclear centrifuges.\r\n[11]\r\n Targeting industrial control systems, the worm infected over\r\n200,000 computers and caused 1,000 machines to physically degrade.[12]\r\nStuxnet has three modules: a worm that executes all routines related to the main payload of the attack, a link file\r\nthat automatically executes the propagated copies of the worm and a rootkit component responsible for hiding all\r\nmalicious files and processes to prevent detection of Stuxnet.[13] It is typically introduced to the target\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 2 of 28\n\nenvironment via an infected USB flash drive, thus crossing any air gap. The worm then propagates across the\r\nnetwork, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion,\r\nStuxnet becomes dormant inside the computer. If both the conditions are fulfilled, Stuxnet introduces the infected\r\nrootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while\r\nreturning a loop of normal operation system values back to the users.[14][15]\r\nStuxnet, discovered by Sergey Ulasen from a Belarusian antivirus company VirusBlokAda, initially spread via\r\nMicrosoft Windows, and targeted Siemens industrial control systems. While it is not the first time that hackers\r\nhave targeted industrial systems,[16] nor the first publicly known intentional act of cyberwarfare to be\r\nimplemented, it is the first discovered malware that spies on and subverts industrial systems,[17] and the first to\r\ninclude a programmable logic controller (PLC) rootkit.\r\n[18][19]\r\nThe worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to\r\ntarget only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and\r\nmonitor specific industrial processes.[20][21] Stuxnet infects PLCs by subverting the Step-7 software application\r\nthat is used to reprogram these devices.[22][23]\r\nDifferent variants of Stuxnet targeted five Iranian organizations,[24] with the probable target widely suspected to\r\nbe uranium enrichment infrastructure in Iran;\r\n[23][25][26]\r\n Symantec noted in August 2010 that 60 percent of the\r\ninfected computers worldwide were in Iran.[27] Siemens stated that the worm caused no damage to its customers,\r\n[17]\r\n but the Iran nuclear program, which uses embargoed Siemens equipment procured secretly, was damaged by\r\nStuxnet.[28][29][30] Kaspersky Lab concluded that the sophisticated attack could only have been conducted \"with\r\nnation-state support\".[31] F-Secure's chief researcher Mikko Hyppönen, when asked if possible nation-state\r\nsupport were involved, agreed: \"That's what it would look like, yes.\"[32]\r\nIn May 2011, the PBS program Need To Know cited a statement by Gary Samore, White House Coordinator for\r\nArms Control and Weapons of Mass Destruction, in which he said \"we're glad they [the Iranians] are having\r\ntrouble with their centrifuge machine and that we – the U.S. and its allies – are doing everything we can to make\r\nsure that we complicate matters for them\", offering \"winking acknowledgement\" of United States involvement in\r\nStuxnet.[33] According to The Daily Telegraph, a showreel that was played at a retirement party for the head of the\r\nIsrael Defense Forces (IDF), Gabi Ashkenazi, included references to Stuxnet as one of his operational successes as\r\nthe IDF chief of staff.[34]\r\nOn 1 June 2012, an article in The New York Times reported that Stuxnet was part of a US and Israeli intelligence\r\noperation named Operation Olympic Games, devised by the NSA under President George W. Bush and executed\r\nunder President Barack Obama.\r\n[35]\r\nOn 24 July 2012, an article by Chris Matyszczyk from CNET[36] reported that the Atomic Energy Organization of\r\nIran e-mailed F-Secure's chief research officer Mikko Hyppönen to report a new instance of malware.\r\nOn 25 December 2012, an Iranian semi-official news agency announced there was a cyberattack by Stuxnet, this\r\ntime on the industries in the southern area of the country. The malware targeted a power plant and some other\r\nindustries in Hormozgan province in 2012.[37]\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 3 of 28\n\nAccording to Eugene Kaspersky, the worm also infected a nuclear power plant in Russia. Kaspersky noted,\r\nhowever, that since the power plant is not connected to the public Internet, the system should remain safe.[38]\r\nThe worm was first identified by the security company VirusBlokAda in mid-June 2010.[22] Journalist Brian\r\nKrebs's blog post on 15 July 2010 was the first widely read report on the worm.[39][40] The original name given by\r\nVirusBlokAda was \"Rootkit.Tmphider;\"[41] Symantec, however, called it \"W32.Temphid\", later changing it to\r\n\"W32.Stuxnet\".[42] Its current name is derived from a combination of keywords found in the software (\".stub\" and\r\n\"mrxnet.sys\").[43][44] The timing of the discovery has been attributed to the virus accidentally spreading beyond\r\nits intended target due to a programming error introduced in an update. This may have caused the worm to spread\r\nto an engineer's computer connected to the centrifuges, further propagating when the engineer later connected to\r\nthe internet at home.[35]\r\nKaspersky Lab experts initially estimated that Stuxnet began spreading around March or April 2010,[45] but the\r\nfirst variant of the worm appeared in June 2009.[22] On 15 July 2010, the day the worm's existence became widely\r\nknown, a distributed denial-of-service attack targeted the servers of two leading mailing lists on industrial-systems\r\nsecurity. This attack, from an unknown source but possibly related to Stuxnet, disabled one of the lists,\r\ninterrupting a key information source for power plants and factories.[40] Separately, researchers at Symantec\r\nuncovered a version of the Stuxnet computer virus that was used to attack Iran's nuclear program in November\r\n2007, with evidence indicating it was under development as early as 2005, when Iran was still setting up its\r\nuranium enrichment facility.\r\n[46]\r\nThe second variant, with substantial improvements, appeared in March 2010, reportedly due to concerns that\r\nStuxnet was not spreading fast enough. A third variant, with minor improvements, followed in April 2010.[40] The\r\nworm contains a component with a build timestamp from 3 February 2010.[47] On 25 November 2010, Sky News\r\nin the United Kingdom reported receiving information from an anonymous source at an unidentified IT security\r\norganization claiming that Stuxnet, or a variation of the worm, had been traded on the black market.\r\n[48]\r\nIn 2015, Kaspersky Lab reported that the Equation Group had used two of the same zero-day attacks prior to their\r\nuse in Stuxnet, in another malware called fanny.bmp.[49][50] Kaspersky Lab noted that \"the similar type of usage\r\nof both exploits together in different computer worms, at around the same time, indicates that the Equation Group\r\nand the Stuxnet developers are either the same or working closely together\".[51]\r\nIn 2019, Chronicle researchers Juan Andres Guerrero-Saade and Silas Cutler presented findings indicating that at\r\nleast four distinct threat actor malware platforms collaborated in developing the different versions of Stuxnet.[52]\r\n[53]\r\n The collaboration was referred to as 'GOSSIP GIRL', a name derived from a threat group mentioned in\r\nclassified CSE slides that included Flame.[54] GOSSIP GIRL is described as a cooperative umbrella encompassing\r\nthe Equation Group, Flame, Duqu, and Flowershop (also known as 'Cheshire Cat').[55][56][57]\r\nIn 2020, researcher Facundo Muñoz presented findings suggesting that Equation Group may have collaborated\r\nwith Stuxnet developers in 2009 by providing at least one zero-day exploit,[58] and one exploit from 2008[59] that\r\nwas actively used by the Conficker computer worm and Chinese hackers.[60] In 2017, a group of hackers known\r\nas The Shadow Brokers leaked a collection of tools attributed to Equation Group, including new versions of both\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 4 of 28\n\nexploits compiled in 2010. Analysis of the leaked data indicated significant code overlaps, as both Stuxnet's\r\nexploits and Equation Group's exploits were developed using a set of libraries called the \"Exploit Development\r\nFramework\", also leaked by The Shadow Brokers.\r\nA study of the spread of Stuxnet by Symantec showed that the main affected countries in the early days of the\r\ninfection were Iran, Indonesia and India:[61]\r\nCountry Share of infected computers\r\nIran 58.9%\r\nIndonesia 18.2%\r\nIndia 8.3%\r\nAzerbaijan 2.6%\r\nUnited States 1.6%\r\nPakistan 1.3%\r\nOther countries 9.2%\r\nIran was reported to have fortified its cyberwar abilities following the Stuxnet attack, and has been suspected of\r\nretaliatory attacks.[62][63] These include attacks against United States banks in the Operation Ababil campaign of\r\n2012-2013,[64] the 2012 Shamoon attack against oil giant Saudi Aramco,[65][66] and the 2014 strike against Las\r\nVegas Sands Corporation.[67][68]\r\nUnlike most malware, Stuxnet does little harm to computers and networks that do not meet specific configuration\r\nrequirements; \"The attackers took great care to make sure that only their designated targets were hit ... It was a\r\nmarksman's job.\"[69] While the worm is promiscuous, it makes itself inert if Siemens software is not found on\r\ninfected computers, and contains safeguards to prevent each infected computer from spreading the worm to more\r\nthan three others, and to erase itself on 24 June 2012.[40]\r\nFor its targets, Stuxnet contains, among other things, code for a man-in-the-middle attack that fakes industrial\r\nprocess control sensor signals so an infected system does not shut down due to detected abnormal behavior.\r\n[40][69]\r\n[70]\r\n Such complexity is unusual for malware. The worm consists of a layered attack against three different\r\nsystems:\r\n1. The Windows operating system,\r\n2. Siemens PCS 7, WinCC and STEP7 industrial software applications that run on Windows and\r\n3. One or more Siemens S7 PLCs.\r\nStuxnet attacked Windows systems using an unprecedented four zero-day attacks (plus the CPLINK vulnerability\r\nand a vulnerability used by the Conficker worm[71]). It is initially spread using infected removable drives such as\r\nUSB flash drives,\r\n[23][47]\r\n which contain Windows shortcut files to initiate executable code.[72] The worm then uses\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 5 of 28\n\nother exploits and techniques such as peer-to-peer remote procedure call (RPC) to infect and update other\r\ncomputers inside private networks that are not directly connected to the Internet.[73][74][75] The number of zero-day exploits used is unusual, as they are highly valued and malware creators do not typically make use of (and\r\nthus simultaneously make visible) four different zero-day exploits in the same worm.[25] Amongst these exploits\r\nwere remote code execution on a computer with Printer Sharing enabled,[76] and the LNK/PIF vulnerability,\r\n[77]\r\n in\r\nwhich file execution is accomplished when an icon is viewed in Windows Explorer, negating the need for user\r\ninteraction.[78] Stuxnet is unusually large at half a megabyte in size,[73] and written in several different\r\nprogramming languages (including C and C++) which is also irregular for malware.[17][22][70] The Windows\r\ncomponent of the malware is promiscuous in that it spreads relatively quickly and indiscriminately.\r\n[47]\r\nThe malware has both user mode and kernel mode rootkit ability under Windows,[75] and its device drivers have\r\nbeen digitally signed with the private keys of two public key certificates that were stolen from separate well-known companies, JMicron and Realtek, both located at Hsinchu Science Park in Taiwan.[47][73]\r\n The driver\r\nsigning helped it install kernel mode rootkit drivers successfully without users being notified, and thus it remained\r\nundetected for a relatively long period of time.[79] Both compromised certificates have been revoked by Verisign.\r\nTwo websites in Denmark and Malaysia were configured as command and control servers for the malware,\r\nallowing it to be updated, and for industrial espionage to be conducted by uploading information. Both of these\r\ndomain names have subsequently been redirected by their DNS service provider to Dynadot as part of a global\r\neffort to disable the malware.[75][40]\r\nStep 7 software infection\r\n[edit]\r\nOverview of normal communications between Step 7 and a Siemens PLC\r\nOverview of Stuxnet hijacking communication between Step 7 software and a Siemens PLC\r\nAccording to researcher Ralph Langner,\r\n[80][81]\r\n once installed on a Windows system, Stuxnet infects project files\r\nbelonging to Siemens' WinCC/PCS 7 SCADA control software[82] (Step 7), and subverts a key communication\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 6 of 28\n\nlibrary of WinCC called s7otbxdx.dll . Doing so intercepts communications between the WinCC software\r\nrunning under Windows and the target Siemens PLC devices, when the two are connected via a data cable. The\r\nmalware is able to modify the code on PLC devices unnoticed, and subsequently to mask its presence from\r\nWinCC if the control software attempts to read an infected block of memory from the PLC system.[75]\r\nThe malware also used a zero-day exploit in the WinCC/SCADA database software in the form of a hard-coded\r\ndatabase password.[83]\r\nSiemens Simatic S7-300 PLC CPU with three I/O modules attached\r\nStuxnet's payload targets only those SCADA configurations that meet criteria that it is programmed to identify.\r\n[40]\r\nStuxnet requires specific subordinate system to be attached to the targeted Siemens S7-300 controller system:\r\nvariable-frequency drives (frequency converter drives) and its associated modules. It only attacks those PLC\r\nsystems with variable-frequency drives from two specific vendors: Vacon based in Finland and Fararo Paya based\r\nin Iran.[84] Furthermore, it monitors the frequency of the attached motors, and only attacks systems that spin\r\nbetween 807 Hz and 1,210 Hz. This is a much higher frequency than motors typically operate at in most industrial\r\napplications, with the notable exception of gas centrifuges.\r\n[84]\r\n Stuxnet installs malware into memory block\r\nDB890 of the PLC that monitors the Profibus messaging bus of the system.[75] When certain criteria are met, it\r\nperiodically modifies the frequency to 1,410 Hz and then to 2 Hz and then to 1,064 Hz, and thus affects the\r\noperation of the connected motors by changing their rotational speed.[84] It also installs a rootkit – the first such\r\ndocumented case on this platform – that hides the malware on the system and masks the changes in rotational\r\nspeed from monitoring systems.\r\nSiemens has released a detection and removal tool for Stuxnet. Siemens recommends contacting customer support\r\nif an infection is detected and advises installing Microsoft updates for security vulnerabilities and prohibiting the\r\nuse of third-party USB flash drives.\r\n[85]\r\n Siemens also advises immediately upgrading password access codes.[86]\r\nThe worm's ability to reprogram external PLCs may complicate the removal procedure. Symantec's Liam\r\nO'Murchu warns that fixing Windows systems may not fully solve the infection; a thorough audit of PLCs may be\r\nnecessary. Despite speculation that incorrect removal of the worm could cause damage,[17] Siemens reports that in\r\nthe first four months since discovery, the malware was successfully removed from the systems of 22 customers\r\nwithout any adverse effects.[85][87]\r\nControl system security\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 7 of 28\n\n[edit]\r\nPrevention of control system security incidents,[88] such as from viral infections like Stuxnet, is a topic that is\r\nbeing addressed in both the public and the private sector.\r\nThe US Department of Homeland Security National Cyber Security Division (NCSD) operates the Control\r\nSystem Security Program (CSSP).[89] The program operates a specialized computer emergency response team\r\ncalled the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), conducts a biannual\r\nconference (ICSJWG), provides training, publishes recommended practices, and provides a self-assessment tool.\r\nAs part of a Department of Homeland Security plan to improve American computer security, in 2008 it and the\r\nIdaho National Laboratory (INL) worked with Siemens to identify security holes in the company's widely used\r\nProcess Control System 7 (PCS 7) and its software Step 7. In July 2008, INL and Siemens publicly announced\r\nflaws in the control system at a Chicago conference; Stuxnet exploited these holes in 2009.[69]\r\nSeveral industry organizations[90][91] and professional societies[92][93] have published standards and best practice\r\nguidelines providing direction and guidance for control system end-users on how to establish a control system\r\nsecurity management program. The basic premise that all of these documents share is that prevention requires a\r\nmulti-layered approach, often termed defense in depth.\r\n[94]\r\n The layers include policies and procedures, awareness\r\nand training, network segmentation, access control measures, physical security measures, system hardening, e.g.,\r\npatch management, and system monitoring, anti-virus and intrusion prevention system (IPS). The standards and\r\nbest practices[who?] also all[improper synthesis?] recommend starting with a risk analysis and a control system\r\nsecurity assessment.[95][96]\r\nThis section needs to be updated. Please help update this article to reflect recent events or newly\r\navailable information. (December 2017)\r\nStuxnet may be the largest and costliest development effort in malware history.\r\n[40]\r\n Developing its abilities would\r\nhave required a team of capable programmers, in-depth knowledge of industrial processes, and an interest in\r\nattacking industrial infrastructure.[17][22] Eric Byres, who has years of experience maintaining and\r\ntroubleshooting Siemens systems, told Wired that writing the code would have taken many man-months, if not\r\nman-years.[73] Symantec estimates that the group developing Stuxnet would have consisted of between five and\r\nthirty people, and would have taken six months to prepare.[97][40] The Guardian, the BBC and The New York\r\nTimes all claimed that (unnamed) experts studying Stuxnet believe the complexity of the code indicates that only a\r\nnation-state would have the abilities to produce it.[25][97][98] The self-destruct and other safeguards within the\r\ncode implied that a Western government was responsible, or at least is responsible for its development.[40]\r\nHowever, software security expert Bruce Schneier initially condemned the 2010 news coverage of Stuxnet as\r\nhype, stating that it was almost entirely based on speculation.[99] But after subsequent research, Schneier stated in\r\n2012 that \"we can now conclusively link Stuxnet to the centrifuge structure at the Natanz nuclear enrichment lab\r\nin Iran\".[100]\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 8 of 28\n\nIn late December 2008, Dutch engineer Erik van Sabben travelled to Iran, allegedly to infiltrate the Natanz nuclear\r\nfacility on behalf of Dutch intelligence and install equipment infected with Stuxnet.[101][102] He died two weeks\r\nafter the Stuxnet attack at age 36 in an apparent single-vehicle motorcycle accident in Dubai.\r\n[103]\r\nRalph Langner, the researcher who identified that Stuxnet infected PLCs,[23] first speculated publicly in\r\nSeptember 2010 that the malware was of Israeli origin, and that it targeted Iranian nuclear facilities.[104] However\r\nLangner more recently, at a TED conference, recorded in February 2011, stated that \"My opinion is that the\r\nMossad is involved, but that the leading force is not Israel. The leading force behind Stuxnet is the cyber\r\nsuperpower – there is only one; and that's the United States.\"[105] Kevin Hogan, Senior Director of Security\r\nResponse at Symantec, reported that most infected systems were in Iran (about 60%),[106] which has led to\r\nspeculation that it may have been deliberately targeting \"high-value infrastructure\" in Iran[25] including either the\r\nBushehr Nuclear Power Plant or the Natanz nuclear facility.\r\n[73][107][108]\r\n Langner called the malware \"a one-shot\r\nweapon\" and said that the intended target was probably hit,[109] although he admitted this was speculation.[73]\r\nAnother German researcher and spokesman of the German-based Chaos Computer Club, Frank Rieger, was the\r\nfirst to speculate that Natanz was the target.[40]\r\nNatanz nuclear facilities\r\n[edit]\r\nAnti-aircraft guns guarding Natanz Nuclear Facility\r\nAccording to the Israeli newspaper Haaretz, in September 2010 experts on Iran and computer security specialists\r\nwere increasingly convinced that Stuxnet was meant \"to sabotage the uranium enrichment facility at Natanz –\r\nwhere the centrifuge operational capacity had dropped over the past year by 30 percent\".[110] On 23 November\r\n2010 it was announced that uranium enrichment at Natanz had ceased several times because of a series of major\r\ntechnical problems.[111] A \"serious nuclear accident\" (supposedly the shutdown of some of its centrifuges[112])\r\noccurred at the site in the first half of 2009, which is speculated to have forced Gholam Reza Aghazadeh, the head\r\nof the Atomic Energy Organization of Iran (AEOI), to resign.[113] Statistics published by the Federation of\r\nAmerican Scientists (FAS) show that the number of enrichment centrifuges operational in Iran mysteriously\r\ndeclined from about 4,700 to about 3,900 beginning around the time the nuclear incident WikiLeaks mentioned\r\nwould have occurred.[114] The Institute for Science and International Security (ISIS) suggests, in a report\r\npublished in December 2010, that Stuxnet is a reasonable explanation for the apparent damage[115] at Natanz, and\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 9 of 28\n\nmay have destroyed up to 1,000 centrifuges (10 percent) sometime between November 2009 and late January\r\n2010. The authors conclude:\r\nThe attacks seem designed to force a change in the centrifuge's rotor speed, first raising the speed and\r\nthen lowering it, likely with the intention of inducing excessive vibrations or distortions that would\r\ndestroy the centrifuge. If its goal was to quickly destroy all the centrifuges in the FEP [Fuel Enrichment\r\nPlant], Stuxnet failed. But if the goal was to destroy a more limited number of centrifuges and set back\r\nIran's progress in operating the FEP, while making detection difficult, it may have succeeded, at least\r\ntemporarily.\r\n[115]\r\nThe Institute for Science and International Security (ISIS) report further notes that Iranian authorities have\r\nattempted to conceal the breakdown by installing new centrifuges on a large scale.[115][116]\r\nThe worm worked by first causing an infected Iranian IR-1 centrifuge to increase from its normal operating speed\r\nof 1,064 hertz to 1,410 hertz for 15 minutes before returning to its normal frequency. Twenty-seven days later, the\r\nworm went back into action, slowing the infected centrifuges down to a few hundred hertz for a full 50 minutes.\r\nThe stresses from the excessive, then slower, speeds caused the aluminium centrifugal tubes to expand, often\r\nforcing parts of the centrifuges into sufficient contact with each other to destroy the machine.[117]\r\nAccording to The Washington Post, International Atomic Energy Agency (IAEA) cameras installed in the Natanz\r\nfacility recorded the sudden dismantling and removal of approximately 900–1,000 centrifuges during the time the\r\nStuxnet worm was reportedly active at the plant. Iranian technicians, however, were able to quickly replace the\r\ncentrifuges and the report concluded that uranium enrichment was likely only briefly disrupted.[118]\r\nOn 15 February 2011, the Institute for Science and International Security released a report concluding that:\r\nAssuming Iran exercises caution, Stuxnet is unlikely to destroy more centrifuges at the Natanz plant.\r\nIran likely cleaned the malware from its control systems. To prevent re-infection, Iran will have to\r\nexercise special caution since so many computers in Iran contain Stuxnet. Although Stuxnet appears to\r\nbe designed to destroy centrifuges at the Natanz facility, destruction was by no means total. Moreover,\r\nStuxnet did not lower the production of low enriched uranium (LEU) during 2010. LEU quantities\r\ncould have certainly been greater, and Stuxnet could be an important part of the reason why they did not\r\nincrease significantly. Nonetheless, there remain important questions about why Stuxnet destroyed only\r\n1,000 centrifuges. One observation is that it may be harder to destroy centrifuges by use of cyber\r\nattacks than often believed.[119]\r\nThe Associated Press reported that the semi-official Iranian Students News Agency released a statement on 24\r\nSeptember 2010 stating that experts from the Atomic Energy Organization of Iran met in the previous week to\r\ndiscuss how Stuxnet could be removed from their systems.[21] According to analysts, such as David Albright,\r\nWestern intelligence agencies had been attempting to sabotage the Iranian nuclear program for some time.[120]\r\n[121]\r\nThe head of the Bushehr Nuclear Power Plant told Reuters that only the personal computers of staff at the plant\r\nhad been infected by Stuxnet and the state-run newspaper Iran Daily quoted Reza Taghipour, Iran's\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 10 of 28\n\ntelecommunications minister, as saying that it had not caused \"serious damage to government systems\".[98]\r\n The\r\nDirector of Information Technology Council at the Iranian Ministry of Industries and Mines, Mahmud Liaii, has\r\nsaid that: \"An electronic war has been launched against Iran ... This computer worm is designed to transfer data\r\nabout production lines from our industrial plants to locations outside Iran.\"[122]\r\nIn response to the infection, Iran assembled a team to combat it. With more than 30,000 IP addresses affected in\r\nIran, an official said that the infection was fast spreading in Iran and the problem had been compounded by the\r\nability of Stuxnet to mutate. Iran had set up its own systems to clean up infections and had advised against using\r\nthe Siemens SCADA antivirus since it is suspected that the antivirus contains embedded code which updates\r\nStuxnet instead of removing it.[123][124][125][126]\r\nAccording to Hamid Alipour, deputy head of Iran's government Information Technology Company, \"The attack is\r\nstill ongoing and new versions of this virus are spreading.\" He reported that his company had begun the cleanup\r\nprocess at Iran's \"sensitive centres and organizations\".[124] \"We had anticipated that we could root out the virus\r\nwithin one to two months, but the virus is not stable, and since we started the cleanup process three new versions\r\nof it have been spreading\", he told the Islamic Republic News Agency on 27 September 2010.[126]\r\nOn 29 November 2010, Iranian president Mahmoud Ahmadinejad stated for the first time that a computer virus\r\nhad caused problems with the controller handling the centrifuges at its Natanz facilities. According to Reuters, he\r\ntold reporters at a news conference in Tehran: \"They succeeded in creating problems for a limited number of our\r\ncentrifuges with the software they had installed in electronic parts.\"[127][128]\r\nOn the same day two Iranian nuclear scientists were targeted in separate, but nearly simultaneous car bomb attacks\r\nnear Shahid Beheshti University in Tehran. Majid Shahriari, a quantum physicist, was killed. Fereydoon Abbasi, a\r\nhigh-ranking official at the Ministry of Defense was seriously wounded. Wired speculated that the assassinations\r\ncould indicate that whoever was behind Stuxnet felt that it was not sufficient to stop the nuclear program.[129]\r\nThat same Wired article suggested the Iranian government could have been behind the assassinations.[129] In\r\nJanuary 2010, another Iranian nuclear scientist, a physics professor at Tehran University, was killed in a similar\r\nbomb explosion.[129] On 11 January 2012, a director of the Natanz nuclear enrichment facility, Mostafa Ahmadi\r\nRoshan, was killed in an attack quite similar to the one that killed Shahriari.[130]\r\nAn analysis by the FAS demonstrates that Iran's enrichment capacity grew during 2010. The study indicated that\r\nIran's centrifuges appeared to be performing 60% better than in the previous year, which would significantly\r\nreduce Tehran's time to produce bomb-grade uranium. The FAS report was reviewed by an official with the IAEA\r\nwho affirmed the study.\r\n[131][132][133]\r\nEuropean and US officials, along with private experts, told Reuters that Iranian engineers were successful in\r\nneutralizing and purging Stuxnet from their country's nuclear machinery.\r\n[134]\r\nGiven the growth in Iranian enrichment ability in 2010, the country may have intentionally put out misinformation\r\nto cause Stuxnet's creators to believe that the worm was more successful in disabling the Iranian nuclear program\r\nthan it actually was.[40]\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 11 of 28\n\nIsrael, through Unit 8200,\r\n[135][136]\r\n has been speculated to be the country behind Stuxnet in multiple media\r\nreports[97][112][137] and by experts such as Richard A. Falkenrath, former Senior Director for Policy and Plans\r\nwithin the US Office of Homeland Security.\r\n[138][98]\r\n Yossi Melman, who covers intelligence for Israeli newspaper\r\nHaaretz and wrote a book about Israeli intelligence, also suspected that Israel was involved, noting that Meir\r\nDagan, the former (up until 2011) head of the national intelligence agency Mossad, had his term extended in 2009\r\nbecause he was said to be involved in important projects. Additionally, in 2010 Israel grew to expect that Iran\r\nwould have a nuclear weapon in 2014 or 2015 – at least three years later than earlier estimates – without the need\r\nfor an Israeli military attack on Iranian nuclear facilities; \"They seem to know something, that they have more\r\ntime than originally thought\", he added.[29][69] Israel has not publicly commented on the Stuxnet attack but in\r\n2010 confirmed that cyberwarfare was now among the pillars of its defense doctrine, with a military intelligence\r\nunit set up to pursue both defensive and offensive options.[139][140][141] When questioned whether Israel was\r\nbehind the virus in the fall of 2010, some Israeli officials[who?] broke into \"wide smiles\", fueling speculation that\r\nthe government of Israel was involved with its genesis.[142] American presidential advisor Gary Samore also\r\nsmiled when Stuxnet was mentioned,[69] although American officials have suggested that the virus originated\r\nabroad.[142] According to The Telegraph, Israeli newspaper Haaretz reported that a video celebrating operational\r\nsuccesses of Gabi Ashkenazi, retiring Israel Defense Forces (IDF) Chief of Staff, was shown at his retirement\r\nparty and included references to Stuxnet, thus strengthening claims that Israel's security forces were responsible.\r\n[143]\r\nIn 2009, a year before Stuxnet was discovered, Scott Borg of the United States Cyber-Consequences Unit (US-CCU)[144]\r\n suggested that Israel may prefer to mount a cyberattack rather than a military strike on Iran's nuclear\r\nfacilities.[121] In late 2010 Borg stated: \"Israel certainly has the ability to create Stuxnet and there is little\r\ndownside to such an attack because it would be virtually impossible to prove who did it. So a tool like Stuxnet is\r\nIsrael's obvious weapon of choice.\"[145] Iran uses P-1 centrifuges at Natanz, the design for which A. Q. Khan stole\r\nin 1976 and took to Pakistan. His black market nuclear-proliferation network sold P-1s to, among other customers,\r\nIran. Experts believe that Israel also somehow acquired P-1s and tested Stuxnet on the centrifuges, installed at the\r\nDimona facility that is part of its own nuclear program.\r\n[69]\r\n The equipment may be from the United States, which\r\nreceived P-1s from Libya's former nuclear program.\r\n[146][69]\r\nSome have also cited several clues in the code such as a concealed reference to the word MYRTUS, believed to\r\nrefer to the Latin name myrtus of the Myrtle tree, which in Hebrew is called hadassah. Hadassah was the birth\r\nname of the former Jewish queen of Persia, Queen Esther.\r\n[147][148]\r\n However, it may be that the \"MYRTUS\"\r\nreference is simply a misinterpreted reference to SCADA components known as RTUs (Remote Terminal Units)\r\nand that this reference is actually \"My RTUs\"–a management feature of SCADA.[149] Also, the number 19790509\r\nappears once in the code and may refer to the date 1979 May 09, the day Habib Elghanian, a Persian Jew, was\r\nexecuted in Tehran.\r\n[75][150][151]\r\n Another date that appears in the code is \"24 September 2007\", the day that Iran's\r\npresident Mahmoud Ahmadinejad spoke at Columbia University and made comments questioning the validity of\r\nthe Holocaust.\r\n[40]\r\n Such data is not conclusive, since, as noted by Symantec, \"attackers would have the natural\r\ndesire to implicate another party\".[75]\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 12 of 28\n\nThere has also been several reports on the involvement of the United States and its collaboration with Israel,[152]\r\n[153]\r\n with one report stating that \"there is vanishingly little doubt that [it] played a role in creating the worm\".[40]\r\nIt has been reported that the United States, under one of its most secret programs, initiated by the Bush\r\nadministration and accelerated by the Obama administration,\r\n[154]\r\n has sought to destroy Iran's nuclear program by\r\nnovel methods such as undermining Iranian computer systems. A leaked diplomatic cable showed how the United\r\nStates was advised to target Iran's nuclear abilities through 'covert sabotage'.[155] An article in The New York\r\nTimes in January 2009 credited a then-unspecified program with preventing an Israeli military attack on Iran\r\nwhere some of the efforts focused on ways to destabilize the centrifuges.[156] A Wired article claimed that Stuxnet\r\n\"is believed to have been created by the United States\".[157] Dutch historian Peter Koop speculated that the\r\nTailored Access Operations could have developed Stuxnet, possibly in collaboration with Israel.[158]\r\nThe fact that John Bumgarner, a former intelligence officer and member of the United States Cyber-Consequences\r\nUnit (US-CCU), published an article prior to Stuxnet being discovered or deciphered, that outlined a strategic\r\ncyber strike on centrifuges[159] and suggests that cyber attacks are permissible against nation states which are\r\noperating uranium enrichment programs that violate international treaties gives some credibility to these claims.\r\nBumgarner pointed out that the centrifuges used to process fuel for nuclear weapons are a key target for cybertage\r\noperations and that they can be made to destroy themselves by manipulating their rotational speeds.[160]\r\nIn a March 2012 interview with 60 Minutes, retired US Air Force General Michael Hayden – who served as\r\ndirector of both the Central Intelligence Agency and National Security Agency – while denying knowledge of who\r\ncreated Stuxnet said that he believed it had been \"a good idea\" but that it carried a downside in that it had\r\nlegitimized the use of sophisticated cyber weapons designed to cause physical damage. Hayden said: \"There are\r\nthose out there who can take a look at this ... and maybe even attempt to turn it to their own purposes\". In the same\r\nreport, Sean McGurk, a former cybersecurity official at the Department of Homeland Security noted that the\r\nStuxnet source code could now be downloaded online and modified to be directed at new target systems. Speaking\r\nof the Stuxnet creators, he said: \"They opened the box. They demonstrated the capability ... It's not something that\r\ncan be put back.\"[161]\r\nJoint effort and other states and targets\r\n[edit]\r\nThis section needs to be updated. Please help update this article to reflect recent events or newly\r\navailable information. (June 2012)\r\nIn April 2011, Iranian government official Gholam Reza Jalali stated that an investigation had concluded that the\r\nUnited States and Israel were behind the Stuxnet attack.[162] Frank Rieger stated that three European countries'\r\nintelligence agencies agreed that Stuxnet was a joint United States-Israel effort. The code for the Windows injector\r\nand the PLC payload differ in style, likely implying collaboration. Other experts believe that a US-Israel\r\ncooperation is unlikely because \"the level of trust between the two countries' intelligence and military\r\nestablishments is not high\".[40]\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 13 of 28\n\nA Wired magazine article about US General Keith B. Alexander stated: \"And he and his cyber warriors have\r\nalready launched their first attack. The cyber weapon that came to be known as Stuxnet was created and built by\r\nthe NSA in partnership with the CIA and Israeli intelligence in the mid-2000s.\"[163]\r\nChina,\r\n[164]\r\n Jordan, and France are other possibilities, and Siemens may have also participated.[40][152] Langner\r\nspeculated that the infection may have spread from USB drives belonging to Russian contractors since the Iranian\r\ntargets were not accessible via the Internet.[23][165] In 2019, it was reported that an Iranian mole working for\r\nDutch intelligence at the behest of Israel and the CIA inserted the Stuxnet virus with a USB flash drive or\r\nconvinced another person working at the Natanz facility to do so.[166][167]\r\nSandro Gaycken from the Free University Berlin argued that the attack on Iran was a ruse to distract from\r\nStuxnet's real purpose. According to him, its broad dissemination in more than 100,000 industrial plants\r\nworldwide suggests a field test of a cyber weapon in different security cultures, testing their preparedness,\r\nresilience, and reactions, all highly valuable information for a cyberwar unit.[168]\r\nThe United Kingdom has denied involvement in the worm's creation.[169]\r\nIn July 2013, Edward Snowden claimed that Stuxnet was cooperatively developed by the United States and Israel.\r\n[170]\r\nDeployment in North Korea\r\n[edit]\r\nAccording to a report by Reuters, the NSA also tried to sabotage North Korea's nuclear program using a version of\r\nStuxnet. The operation was reportedly launched in tandem with the attack that targeted Iranian centrifuges in\r\n2009–10. The North Korean nuclear program shares a number of similarities with the Iranian, both having been\r\ndeveloped with technology transferred by Pakistani nuclear scientist A.Q. Khan. The effort failed, however,\r\nbecause North Korea's extreme secrecy and isolation made it impossible to introduce Stuxnet into the nuclear\r\nfacility.\r\n[171]\r\nStuxnet 2.0 cyberattack\r\n[edit]\r\nIn 2018, Gholamreza Jalali, Iran's chief of the National Organization for Passive Defense, claimed that his country\r\nfended off a Stuxnet-like attack targeting the country's telecom infrastructure. Iran's Telecommunications minister,\r\nMohammad-Javad Azari Jahromi has since accused Israel of orchestrating the attack. Iran plans to sue Israel\r\nthrough the International Court of Justice (ICJ) and is also willing to launch a retaliation attack if Israel does not\r\ndesist.[172]\r\n\"Stuxnet's Secret Twin\"\r\n[edit]\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 14 of 28\n\nA November 2013 article[173]\r\n in Foreign Policy magazine claims existence of an earlier, much more sophisticated\r\nattack on the centrifuge complex at Natanz, focused on increasing centrifuge failure rate over a long time period\r\nby stealthily inducing uranium hexafluoride gas overpressure incidents. This malware was capable of spreading\r\nonly by being physically installed, probably by previously contaminated field equipment used by contractors\r\nworking on Siemens control systems within the complex. It is not clear whether this attack attempt was successful,\r\nbut follow-up by a different, simpler, and more conventional attack is indicative that it was not.[citation needed]\r\nMain article: Duqu\r\nOn 1 September 2011, a new worm was found, thought to be related to Stuxnet. The Laboratory of Cryptography\r\nand System Security (CrySyS) of the Budapest University of Technology and Economics analyzed the malware,\r\nnaming the threat Duqu.\r\n[174][175]\r\n Symantec, based on this report, continued the analysis of the threat, calling it\r\n\"nearly identical to Stuxnet, but with a completely different purpose\", and published a detailed technical paper.\r\n[176]\r\n The main component used in Duqu is designed to capture information[70] such as keystrokes and system\r\ninformation. The exfiltrated data may be used to enable a future Stuxnet-like attack. On 28 December 2011,\r\nKaspersky Lab's director of global research and analysis spoke to Reuters about recent research results showing\r\nthat the platform Stuxnet and Duqu both originated in 2007, and is being referred to as Tilded due to the ~d at the\r\nbeginning of the file names. Also uncovered in this research was the possibility for three more variants based on\r\nthe Tilded platform.[177]\r\nIn May 2012, the new malware \"Flame\" was found, thought to be related to Stuxnet.[178] Researchers named the\r\nprogram \"Flame\" after the name of one of its modules.[178] After analysing the code of Flame, Kaspersky Lab said\r\nthat there is a strong relationship between Flame and Stuxnet. An early version of Stuxnet contained code to\r\npropagate infections via USB drives that is nearly identical to a Flame module that exploits the same vulnerability.\r\n[179]\r\nSince 2010, there has been extensive international news media coverage on Stuxnet and its aftermath. In early\r\ncommentary, The Economist pointed out that Stuxnet was \"a new kind of cyber-attack\".[180] On 8 July 2011,\r\nWired then published an article detailing how network security experts were able to decipher the origins of\r\nStuxnet. In that piece, Kim Zetter claimed that Stuxnet's \"cost–benefit ratio is still in question\".[181] Later\r\ncommentators tended to focus on the strategic significance of Stuxnet as a cyber weapon. Following the Wired\r\npiece, Holger Stark called Stuxnet the \"first digital weapon of geopolitical importance, it could change the way\r\nwars are fought\".[182] Meanwhile, Eddie Walsh referred to Stuxnet as \"the world's newest high-end asymmetric\r\nthreat\".[183] Ultimately, some claim that the \"extensive media coverage afforded to Stuxnet has only served as an\r\nadvertisement for the vulnerabilities used by various cybercriminal groups\".[184] While that may be the case, the\r\nmedia coverage has also increased awareness of cyber security threats.\r\nAlex Gibney's 2016 documentary Zero Days covers the phenomenon around Stuxnet.[185] A zero-day (also known\r\nas 0-day) vulnerability is a computer-software vulnerability that is unknown to, or unaddressed by, those who\r\nshould be interested in mitigating the vulnerability (including the vendor of the target software). Until the\r\nvulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers\r\nor a network.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 15 of 28\n\nIn 2016, it was revealed that General James Cartwright, the former head of the U.S. Strategic Command, had\r\nleaked information related to Stuxnet. He later pleaded guilty for lying to FBI agents pursuing an investigation\r\ninto the leak.[186][187] On 17 January 2017, he was granted a full pardon in this case by President Obama, thus\r\nexpunging his conviction.\r\nDarknet Diaries' Podcast episode Stuxnet, discusses Stuxnet with guest Kim Zetter and references the book Count\r\nDown to Zero Day.\r\n[188]\r\nBesides the aforementioned Alex Gibney documentary Zero Days (2016), which looks into the malware and the\r\ncyberwarfare surrounding it, other works which reference Stuxnet include:\r\nIn Castle, season 8, episode 18 \"Backstabber\" Stuxnet is revealed to have been (fictionally) created by\r\nMI6, and a version of it is used to take down the London power grid.\r\nTrojan Horse is a novel written by Windows utility writer and novelist Mark Russinovich. It features the\r\nusage of the Stuxnet virus as a main plot line for the story, and the attempt of Iran to bypass it.\r\nIn Ghost in the Shell: Arise, Stuxnet is the named type of computer virus which infected Kusanagi and\r\nManamura allowing false memories to be implanted.\r\nIn July 2017, MRSA (Mat Zo) released a track named \"Stuxnet\" through Hospital Records.\r\nIn Ubisoft's 2013 video game Tom Clancy's Splinter Cell: Blacklist, the protagonist, Sam Fisher, makes use\r\nof a mobile, airborne headquarters (\"Paladin\") which is said at one point within the game's story mode to\r\nhave been targeted by a Stuxnet-style virus, causing its systems to fail and the plane to careen towards the\r\nocean, and would have crashed without Fisher's intervening.[189]\r\nIn Michael Mann's 2015 movie Blackhat, the code shown as belonging to a virus used by a hacker to cause\r\nthe coolant pumps explosion in a nuclear plant in Chai Wan, Hong Kong, is actual Stuxnet decompiled\r\ncode.\r\nIn the third episode of Star Trek: Discovery, \"Context Is for Kings\", characters identify a segment of code\r\nas being part of an experimental transportation system. The code shown is decompiled Stuxnet code.[190]\r\nMuch of the same code is shown in the episode \"Pyre\" of The Expanse, this time as a visual representation\r\nof a \"diagnostic exploit\" breaking into the control software for nuclear missiles.\r\n2024 Lebanon pager explosions\r\nAdvanced persistent threat\r\nDigiNotar\r\nKiller poke\r\nList of security hacking incidents\r\nMahdi (malware)\r\nNatanz\r\nNitro Zeus\r\nOperation High Roller\r\nOperation Merlin\r\nPin control attack\r\nProgrammable logic controller\r\nRegin (malware)\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 16 of 28\n\nStars virus\r\nTailored Access Operations\r\nVulnerability of nuclear plants to attack\r\nZero Days\r\n1. ^ \"W32.Stuxnet Dossier\" (PDF). Symantec. November 2010. Archived from the original (PDF) on 4\r\nNovember 2019.\r\n2. ^ \"Stuxnet : A worm which targets SCADA systems\". CERT-IST Computer Emergency Response Team. 8\r\nSeptember 2010. Retrieved 7 June 2025. “Stuxnet was discovered on June 17, 2010 by the Belarusian\r\nCompany VirusBlokAda (a company that develops antivirus products). At that time most of the attention of\r\nthe analysts was caught by the fact that this worm uses a previously unknown vulnerability in Windows (a\r\n\"0-day\" flaw): the \". LNK\" vulnerability which led Microsoft to release early in August the out-of-band\r\npatch MS10-046. This is only after further analysis that analysts found that Stuxnet was in fact designed to\r\ntarget SCADA systems.”\r\n3. ^ Jump up to: a\r\n \r\nb\r\n Kushner, David (26 February 2013). \"The Real Story of Stuxnet\". IEEE Spectrum. 50 (3):\r\n48–53. Bibcode:2013IEEES..50c..48K. doi:10.1109/MSPEC.2013.6471059. S2CID 29782870.\r\n4. ^ Sen, Ashish (10 April 2015). \"Iran's Growing Cyber Capabilities in a Post-Stuxnet Era\". Atlantic\r\nCouncil. Retrieved 3 September 2025.\r\n5. ^ \"Confirmed: US and Israel created Stuxnet, lost control of it\". Ars Technica. June 2012. Archived from\r\nthe original on 6 May 2019. Retrieved 15 June 2017.\r\n6. ^ Ellen Nakashima (2 June 2012). \"Stuxnet was work of U.S. and Israeli experts, officials say\". The\r\nWashington Post. Archived from the original on 4 May 2019. Retrieved 8 September 2015.\r\n7. ^ Bergman, Ronen; Mazzetti, Mark (4 September 2019). \"The Secret History of the Push to Strike Iran\".\r\nThe New York Times Magazine. ProQuest 2283858753. Archived from the original on 15 March 2023.\r\nRetrieved 23 March 2023.\r\n8. ^ Sanger, David E. (1 June 2012). \"Obama Order Sped Up Wave of Cyberattacks Against Iran\". The New\r\nYork Times. ISSN 0362-4331. Archived from the original on 1 June 2012. Retrieved 3 October 2022.\r\n9. ^ Naraine, Ryan (14 September 2010). \"Stuxnet attackers used 4 Windows zero-day exploits\". ZDNet.\r\nArchived from the original on 25 November 2014. Retrieved 12 April 2014.\r\n10. ^ Karnouskos, Stamatis (November 2011). \"Stuxnet worm impact on industrial cyber-physical system\r\nsecurity\" (PDF). IECON 2011 – 37th Annual Conference of the IEEE Industrial Electronics Society.\r\npp. 4490–4494. doi:10.1109/IECON.2011.6120048. ISBN 978-1-61284-972-0. S2CID 1980890. Archived\r\n(PDF) from the original on 24 April 2023. Retrieved 23 March 2023.\r\n11. ^ Kelley, Michael (20 November 2013). \"The Stuxnet Attack on Iran's Nuclear Plant Was 'Far More\r\nDangerous' Than Previously Thought\". Business Insider. Archived from the original on 9 May 2014.\r\nRetrieved 8 February 2014.\r\n12. ^ \"Sheep dip your removable storage devices to reduce the threat of cyber attacks\". www.mac-solutions.net. Archived from the original on 4 September 2017. Retrieved 26 July 2017.\r\n13. ^ \"STUXNET Malware Targets SCADA Systems\". Trend Micro. January 2012. Archived from the original\r\non 13 April 2014. Retrieved 12 April 2014.\r\n14. ^ Gross, Michael Joseph (April 2011). \"A Declaration of Cyber-War\". Vanity Fair. Archived from the\r\noriginal on 31 August 2021. Retrieved 31 December 2015.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 17 of 28\n\n15. ^ \"Exploring Stuxnet's PLC Infection Process\". Symantec. 23 January 2014. Archived from the original on\r\n21 June 2021. Retrieved 22 September 2010.\r\n16. ^ \"Building a Cyber Secure Plant\". Totally Integrated Automation. Siemens. 30 September 2010. Archived\r\nfrom the original on 21 April 2021. Retrieved 5 December 2010.\r\n17. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n McMillan, Robert (16 September 2010). \"Siemens: Stuxnet worm hit industrial\r\nsystems\". Computerworld. IDG News. Archived from the original on 20 February 2019. Retrieved 16\r\nSeptember 2010.\r\n18. ^ \"Last-minute paper: An indepth look into Stuxnet\". Virus Bulletin. Archived from the original on 9\r\nDecember 2021.\r\n19. ^ \"Stuxnet worm hits Iran nuclear plant staff computers\". BBC News. 26 September 2010. Archived from\r\nthe original on 16 July 2017.\r\n20. ^ Nicolas Falliere (6 August 2010). \"Stuxnet Introduces the First Known Rootkit for Industrial Control\r\nSystems\". Symantec. Retrieved 9 February 2011. {{cite web}} : CS1 maint: deprecated archival service\r\n(link)\r\n21. ^ Jump up to: a\r\n \r\nb\r\n \"Iran's Nuclear Agency Trying to Stop Computer Worm\". Tehran. Associated Press. 25\r\nSeptember 2010. Retrieved 25 September 2010. {{cite news}} : CS1 maint: deprecated archival service\r\n(link)\r\n22. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n Keizer, Gregg (16 September 2010). \"Is Stuxnet the 'best' malware ever?\". InfoWorld.\r\nArchived from the original on 5 May 2021. Retrieved 16 September 2010.\r\n23. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n Cherry, Steven; Langner, Ralph (13 October 2010). \"How Stuxnet Is Rewriting the\r\nCyberterrorism Playbook\". IEEE Spectrum. Archived from the original on 14 April 2021. Retrieved 2\r\nFebruary 2020.\r\n24. ^ \"Stuxnet Virus Targets and Spread Revealed\". BBC News. 15 February 2011. Archived from the original\r\non 25 November 2021. Retrieved 17 February 2011.\r\n25. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n Fildes, Jonathan (23 September 2010). \"Stuxnet worm 'targeted high-value Iranian\r\nassets'\". BBC News. Archived from the original on 24 September 2010. Retrieved 23 September 2010.\r\n26. ^ Beaumont, Claudine (23 September 2010). \"Stuxnet virus: worm 'could be aimed at high-profile Iranian\r\ntargets'\". The Daily Telegraph. London. Archived from the original on 12 January 2022. Retrieved 28\r\nSeptember 2010.\r\n27. ^ MacLean, William (24 September 2010). \"Update 2-Cyber attack appears to target Iran-tech firms\".\r\nReuters. Archived from the original on 14 November 2021. Retrieved 2 July 2017.\r\n28. ^ \"Iran Confirms Stuxnet Worm Halted Centrifuges\". CBS News. 29 November 2010. Archived from the\r\noriginal on 12 May 2022. Retrieved 12 May 2022.\r\n29. ^ Jump up to: a\r\n \r\nb\r\n Bronner, Ethan; Broad, William J. (29 September 2010). \"In a Computer Worm, a\r\nPossible Biblical Clue\". The New York Times. Archived from the original on 25 September 2022. Retrieved\r\n2 October 2010.\r\n30. ^ \"Software smart bomb fired at Iranian nuclear plant: Experts\". Economictimes.indiatimes.com. 24\r\nSeptember 2010. Archived from the original on 14 November 2021. Retrieved 28 September 2010.\r\n31. ^ \"Kaspersky Lab provides its insights on Stuxnet worm\". Kaspersky. Russia. 24 September 2010. Archived\r\nfrom the original on 16 November 2021. Retrieved 7 November 2011.\r\n32. ^ \"Stuxnet Questions and Answers – F-Secure Weblog\". F-Secure. Finland. 1 October 2010. Archived from\r\nthe original on 5 May 2021.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 18 of 28\n\n33. ^ Gary Samore Archived 27 April 2018 at the Wayback Machine speaking at the 10 December 2010\r\nWashington Forum of the Foundation for Defense of Democracies in Washington DC, reported by C-Span\r\nand contained in the PBS program Need to Know (\"Cracking the code: Defending against the\r\nsuperweapons of the 21st century cyberwar\", 4 minutes into piece)\r\n34. ^ Williams, Christopher (15 February 2011). \"Israel video shows Stuxnet as one of its successes\". London:\r\nTelegraph.co.uk. Archived from the original on 12 January 2022. Retrieved 14 February 2012.\r\n35. ^ Jump up to: a\r\n \r\nb\r\n Sanger, David E. (1 June 2012). \"Obama Order Sped Up Wave of Cyberattacks Against\r\nIran\". The New York Times. Archived from the original on 25 February 2017. Retrieved 1 June 2012.\r\n36. ^ Matyszczyk, Chris (24 July 2012). \"Thunderstruck! A tale of malware, AC/DC, and Iran's nukes\". CNET.\r\nRetrieved 8 July 2013. {{cite web}} : CS1 maint: deprecated archival service (link)\r\n37. ^ \"Iran 'fends off new Stuxnet cyber attack'\". BBC News. 25 December 2012. Archived from the original on\r\n7 August 2016. Retrieved 28 May 2015.\r\n38. ^ Shamah, David (11 November 2013). \"Stuxnet, gone rogue, hit Russian nuke plant, space station\". The\r\nTimes of Israel. Archived from the original on 20 September 2017. Retrieved 12 November 2013.\r\n39. ^ Krebs, Brian (17 July 2010). \"Experts Warn of New Windows Shortcut Flaw\". Krebs on Security.\r\nArchived from the original on 2 September 2022. Retrieved 3 March 2011.\r\n40. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n \r\nf\r\n \r\ng\r\n \r\nh\r\n \r\ni\r\n \r\nj\r\n \r\nk\r\n \r\nl\r\n m\r\nn\r\n \r\no\r\n \r\np\r\n Gross, Michael Joseph (April 2011). \"A Declaration of Cyber-War\". Vanity Fair. Condé Nast. Archived from the original on 31 August 2021. Retrieved 31 December\r\n2015.\r\n41. ^ \"Rootkit.TmpHider\". wilderssecurity.com. Wilders Security Forums. Archived from the original on 15\r\nDecember 2013. Retrieved 25 March 2014.\r\n42. ^ Shearer, Jarrad (13 July 2010). \"W32.Stuxnet\". Symantec. Symantec. Archived from the original on 4\r\nJanuary 2012. Retrieved 25 March 2014.\r\n43. ^ Zetter, Kim (11 July 2011). \"How digital detectives deciphered Stuxnet, the most menacing malware in\r\nhistory\". arstechnica.com. Archived from the original on 14 May 2022. Retrieved 25 March 2014.\r\n44. ^ Karl (26 October 2011). \"Stuxnet opens cracks in Iran nuclear program\". abc.net.au. ABC. Archived\r\nfrom the original on 24 February 2021. Retrieved 25 March 2014.\r\n45. ^ Gostev, Alexander (26 September 2010). \"Myrtus and Guava: the epidemic, the trends, the numbers\".\r\nArchived from the original on 1 January 2011. Retrieved 22 January 2011.\r\n46. ^ Finkle, Jim (26 February 2013). \"Researchers say Stuxnet was deployed against Iran in 2007\". Reuters.\r\nArchived from the original on 15 August 2021. Retrieved 6 July 2021.\r\n47. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n Aleksandr Matrosov; Eugene Rodionov; David Harley \u0026 Juraj Malcho. \"Stuxnet\r\nUnder the Microscope, Revision 1.31\" (PDF). Archived from the original (PDF) on 22 January 2022.\r\nRetrieved 6 September 2019.\r\n48. ^ Kiley, Sam (25 November 2010). \"Super Virus A Target For Cyber Terrorists\". Archived from the original\r\non 28 November 2010. Retrieved 25 November 2010.\r\n49. ^ \"A Fanny Equation: 'I am your father, Stuxnet'\". Kaspersky Lab. 17 February 2015. Archived from the\r\noriginal on 19 March 2021. Retrieved 24 November 2015.\r\n50. ^ \"fanny.bmp code\". GitHub. 23 October 2021. Archived from the original on 3 February 2021. Retrieved\r\n15 February 2021.\r\n51. ^ \"Equation Group Questions and Answers\" (PDF). securelist.com. Archived from the original (PDF) on\r\n17 February 2015.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 19 of 28\n\n52. ^ Seals, Tara (9 April 2019). \"SAS 2019: Stuxnet-Related APTs Form Gossip Girl, an 'Apex Threat Actor'\".\r\nthreatpost.com. Archived from the original on 28 July 2020. Retrieved 6 August 2020.\r\n53. ^ Chronicle (12 April 2019). \"Who is GOSSIPGIRL?\". Medium. Archived from the original on 22 July\r\n2020. Retrieved 15 July 2020.\r\n54. ^ \"CSEC SIGINT Cyber Discovery: Summary of the current effort\" (PDF). Electrospaces. November 2010.\r\nArchived from the original (PDF) on 23 March 2015.\r\n55. ^ Bencsáth, Boldizsár. \"Territorial Dispute – NSA's perspective on APT landscape\" (PDF). Archived from\r\nthe original (PDF) on 10 January 2022.\r\n56. ^ Marschalek, Marion; Guarnieri, Claudio (25 August 2015). \"Big Game Hunting: The Peculiarities of\r\nNation-State Malware Research\". YouTube. Archived from the original on 21 December 2021.\r\n57. ^ Barth, Bradley (10 April 2019). \"GOSSIPGIRL – Stuxnet group had '4th man;' unknown version of\r\nFlame \u0026 Duqu found\". Archived from the original on 6 August 2020.\r\n58. ^ BetaFred. \"Microsoft Security Bulletin MS10-061 – Critical\". docs.microsoft.com. Archived from the\r\noriginal on 6 October 2020. Retrieved 29 September 2020.\r\n59. ^ BetaFred. \"Microsoft Security Bulletin MS08-067 – Critical\". docs.microsoft.com. Archived from the\r\noriginal on 6 December 2020. Retrieved 29 September 2020.\r\n60. ^ fmm (28 September 2020). \"The Emerald Connection: EquationGroup collaboration with Stuxnet\".\r\nFacundo Muñoz Research. Archived from the original on 30 September 2020. Retrieved 29 September\r\n2020.\r\n61. ^ \"W32.Stuxnet\". Symantec. 17 September 2010. Archived from the original on 4 January 2012. Retrieved\r\n2 March 2011.\r\n62. ^ \"Iran denies hacking into American banks Archived 24 September 2015 at the Wayback Machine\"\r\nReuters, 23 September 2012\r\n63. ^ \"Iranian Offensive Cyberattack Capabilities\". www.congress.gov. 13 January 2020. Retrieved 21\r\nSeptember 2025.\r\n64. ^ \"Operation Ababil (2012) | Research Starters | EBSCO Research\". EBSCO. Retrieved 3 September 2025.\r\n65. ^ \"Compromise of Saudi Aramco and RasGas | CFR Interactives\". www.cfr.org. Retrieved 3 September\r\n2025.\r\n66. ^ \"Shamoon – Darknet Diaries\". darknetdiaries.com. Retrieved 3 September 2025.\r\n67. ^ \"Las Vegas Sands' network hit by destructive malware in Feb: Bloomberg\". Reuters. 12 December 2014.\r\nRetrieved 3 September 2025.\r\n68. ^ \"Las Vegas Sands' Casino Network hit by Destructive Malware\". The Hacker News. Retrieved 3\r\nSeptember 2025.\r\n69. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n \r\nf\r\n \r\ng\r\n Broad, William J.; Markoff, John; Sanger, David E. (15 January 2011). \"Israel\r\nTests on Worm Called Crucial in Iran Nuclear Delay\". New York Times. Archived from the original on 20\r\nSeptember 2011. Retrieved 16 January 2011.\r\n70. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Steven Cherry; with Larry Constantine (14 December 2011). \"Sons of Stuxnet\". IEEE\r\nSpectrum. Archived from the original on 14 April 2021. Retrieved 2 February 2020.\r\n71. ^ \"Conficker Worm: Help Protect Windows from Conficker\". Microsoft. 10 April 2009. Archived from the\r\noriginal on 18 May 2018. Retrieved 6 December 2010.\r\n72. ^ Buda, Alex (4 December 2016). \"Creating Malware using the Stuxnet LNK Exploit\". Ruby Devices.\r\nArchived from the original on 18 March 2017. Retrieved 18 March 2017.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 20 of 28\n\n73. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n \r\nf\r\n Kim Zetter (23 September 2010). \"Blockbuster Worm Aimed for Infrastructure, But\r\nNo Proof Iran Nukes Were Target\". Wired. Archived from the original on 5 November 2016. Retrieved 4\r\nNovember 2016.\r\n74. ^ Liam O Murchu (17 September 2010). \"Stuxnet P2P component\". Symantec. Archived from the original\r\non 17 January 2019. Retrieved 24 September 2010.\r\n75. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \r\nd\r\n \r\ne\r\n \r\nf\r\n \r\ng\r\n \"W32.Stuxnet Dossier\" (PDF). Symantec Corporation. Archived from the original\r\n(PDF) on 7 July 2012. Retrieved 1 October 2010.\r\n76. ^ Microsoft (14 September 2010). \"Microsoft Security Bulletin MS10-061 – Critical\". Microsoft. Archived\r\nfrom the original on 20 March 2015. Retrieved 20 August 2015.\r\n77. ^ Microsoft (2 August 2010). \"Microsoft Security Bulletin MS10-046 – Critical\". Microsoft. Archived from\r\nthe original on 12 August 2015. Retrieved 20 August 2015.\r\n78. ^ Gostev, Alexander (14 September 2010). \"Myrtus and Guava, Episode MS10-061\". Kaspersky Lab.\r\nArchived from the original on 23 August 2015. Retrieved 20 August 2015.\r\n79. ^ \"Kaspersky Lab provides its insights on Stuxnet worm\". Kaspersky Lab. 24 September 2010. Archived\r\nfrom the original on 16 November 2021. Retrieved 27 September 2010.\r\n80. ^ Gross, Michael Joseph (April 2011). \"A Declaration of Cyber-War\". Vanity Fair. Archived from the\r\noriginal on 31 August 2021. Retrieved 4 March 2011.\r\n81. ^ Langner, Ralph (14 September 2010). \"Ralph's Step-By-Step Guide to Get a Crack at Stuxnet Traffic and\r\nBehaviour\". Ot-Base by Langner. Archived from the original on 25 June 2016. Retrieved 4 March 2011.\r\n82. ^ Falliere, Nicolas (26 September 2010). \"Stuxnet Infection of Step 7 Projects\". Symantec. Archived from\r\nthe original on 3 January 2015. Retrieved 9 February 2011.\r\n83. ^ \"Vulnerability Summary for CVE-2010-2772\". National Vulnerability Database. 22 July 2010. Archived\r\nfrom the original on 11 August 2010. Retrieved 7 December 2010.\r\n84. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Chien, Eric (12 November 2010). \"Stuxnet: A Breakthrough\". Symantec. Archived from\r\nthe original on 18 January 2018. Retrieved 14 November 2010.\r\n85. ^ Jump up to: a\r\n \r\nb\r\n \"SIMATIC WinCC / SIMATIC PCS 7: Information concerning Malware / Virus / Trojan\".\r\nSiemens. Archived from the original on 23 September 2019. Retrieved 24 September 2010.\r\n86. ^ Espiner, Tom (20 July 2010). \"Siemens warns Stuxnet targets of password risk\". CNET. Archived from the\r\noriginal on 9 January 2011. Retrieved 23 March 2023.\r\n87. ^ crve (17 September 2010). \"Stuxnet also found at industrial plants in Germany\". The H. Archived from\r\nthe original on 21 September 2010. Retrieved 18 September 2010.\r\n88. ^ \"Repository of Industrial Security Incidents\". Security Incidents Organization. Archived from the original\r\non 26 April 2011. Retrieved 14 October 2010.\r\n89. ^ \"DHS National Cyber Security Division's CSSP\". DHS. Archived from the original on 8 October 2010.\r\nRetrieved 14 October 2010.\r\n90. ^ \"ISA99, Industrial Automation and Control System Security\". International Society of Automation.\r\nArchived from the original on 10 January 2011. Retrieved 14 October 2010.\r\n91. ^ \"Industrial communication networks – Network and system security – Part 2-1: Establishing an\r\nindustrial automation and control system security program\". International Electrotechnical Commission.\r\nRetrieved 14 October 2010.\r\n92. ^ \"Chemical Sector Cyber Security Program\". ACC ChemITC. Archived from the original on 19 October\r\n2010. Retrieved 14 October 2010.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 21 of 28\n\n93. ^ \"Pipeline SCADA Security Standard\" (PDF). API. Archived (PDF) from the original on 19 November\r\n2010. Retrieved 19 November 2010.\r\n94. ^ Marty Edwards (Idaho National Laboratory) \u0026 Todd Stauffer (Siemens). 2008 Automation Summit: A\r\nUser's Conference (PDF). United States Department of Homeland Security. p. 35. Archived (PDF) from the\r\noriginal on 20 January 2011. Retrieved 18 January 2011.\r\n95. ^ \"The Can of Worms Is Open-Now What?\". controlglobal.com. Archived from the original on 1 October\r\n2010. Retrieved 14 October 2010.\r\n96. ^ Byres, Eric; Cusimano, John (16 February 2012). \"The 7 Steps to ICS Security\". Tofino Security and\r\nexida Consulting LLC. Archived from the original on 23 January 2013. Retrieved 3 March 2011.\r\n97. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Halliday, Josh (24 September 2010). \"Stuxnet worm is the 'work of a national\r\ngovernment agency'\". The Guardian. London. Archived from the original on 22 August 2022. Retrieved 27\r\nSeptember 2010.\r\n98. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Markoff, John (26 September 2010). \"A Silent Attack, but Not a Subtle One\". The New\r\nYork Times. Archived from the original on 6 February 2021. Retrieved 27 September 2010.\r\n99. ^ Schneier, Bruce (6 October 2010). \"The Story Behind The Stuxnet Virus\". Forbes. Archived from the\r\noriginal on 30 August 2017. Retrieved 22 August 2017.\r\n100. ^ Schneier, Bruce (23 February 2012). \"Another Piece of the Stuxnet Puzzle\". Schneier on Security.\r\nArchived from the original on 26 February 2012. Retrieved 4 March 2012.\r\n101. ^ Modderkolk, Huib (8 January 2024). \"Sabotage in Iran: Een missie in duisternis\" [Sabotage in Iran: A\r\nMission in Darkness]. De Volksrant (in Dutch). Archived from the original on 8 January 2024. Retrieved\r\n26 June 2025.\r\n102. ^ Waterfield, Bruno (8 January 2024). \"Dutch spies hid engineer's role in paralysing Iran nuclear project\".\r\nThe Times and The Sunday Times. Retrieved 19 July 2025.\r\n103. ^ Kovacs, Eduard (10 January 2024). \"Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet\r\nMalware Into Iranian Nuclear Facility: Report\". Security Week. Archived from the original on 15 May\r\n2024.\r\n104. ^ Bright, Arthur (1 October 2010). \"Clues Emerge About Genesis of Stuxnet Worm\". Christian Science\r\nMonitor. Archived from the original on 6 March 2011. Retrieved 4 March 2011.\r\n105. ^ Langner, Ralph (February 2011). Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon\r\n(video). TED. Archived from the original on 1 February 2014. Retrieved 4 January 2023.\r\n106. ^ McMillan, Robert (23 July 2010). \"Iran was prime target of SCADA worm\". Computerworld. Archived\r\nfrom the original on 5 September 2014. Retrieved 17 September 2010.\r\n107. ^ Woodward, Paul (22 September 2010). \"Iran confirms Stuxnet found at Bushehr nuclear power plant\".\r\nWarincontext.org. Archived from the original on 20 March 2019. Retrieved 28 September 2010.\r\n108. ^ \"6 mysteries about Stuxnet\". Blog.foreignpolicy.com. Archived from the original on 9 February 2014.\r\nRetrieved 28 September 2010.\r\n109. ^ Clayton, Mark (21 September 2010). \"Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr\r\nnuclear plant?\". Christian Science Monitor. Archived from the original on 24 September 2010. Retrieved\r\n23 September 2010.\r\n110. ^ Melman, Yossi (28 September 2010). \"Computer virus in Iran actually targeted larger nuclear facility\".\r\nHaaretz. Archived from the original on 22 January 2011. Retrieved 1 January 2011.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 22 of 28\n\n111. ^ Melman, Yossi (24 November 2010). \"Iran pauses uranium enrichment at Natanz nuclear plant\".\r\nHaaretz. Archived from the original on 24 November 2010. Retrieved 24 November 2010.\r\n112. ^ Jump up to: a\r\n \r\nb\r\n \"The Stuxnet worm: A cyber-missile aimed at Iran?\". The Economist. 24 September 2010.\r\nArchived from the original on 27 September 2010. Retrieved 28 September 2010.\r\n113. ^ \"Serious nuclear accident may lay behind Iranian nuke chief's mystery resignation\". WikiLeaks. 16 July\r\n2009. Archived from the original on 30 December 2010. Retrieved 1 January 2011.\r\n114. ^ IAEA Report on Iran (PDF) (Report). Institute for Science and International Security. 16 November\r\n2010. Archived (PDF) from the original on 11 March 2011. Retrieved 1 January 2011.\r\n115. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \"Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?\" (PDF).\r\nInstitute for Science and International Security. 22 December 2010. Archived (PDF) from the original on\r\n10 September 2012. Retrieved 27 December 2010.\r\n116. ^ Stöcker, Christian (26 December 2010). \"Stuxnet-Virus könnte tausend Uran-Zentrifugen zerstört\r\nhaben\". Der Spiegel (in German). Archived from the original on 27 December 2010. Retrieved 27\r\nDecember 2010.\r\n117. ^ Stark, Holger (8 August 2011). \"Mossad's Miracle Weapon: Stuxnet Virus Opens New Era of Cyber\r\nWar\". Der Spiegel. Archived from the original on 15 August 2011. Retrieved 15 August 2011.\r\n118. ^ Warrick, Joby (15 February 2011). \"Iran's Natanz nuclear facility recovered quickly from Stuxnet\r\ncyberattack\". The Washington Post. Archived from the original on 24 January 2022. Retrieved 23 March\r\n2023.\r\n119. ^ \"Stuxnet Malware and Natanz: Update of ISIS December 22, 2010 Report\". Institute for Science and\r\nInternational Security. 15 February 2011. Archived from the original on 7 August 2011. Retrieved 10 July\r\n2011.\r\n120. ^ \"Signs of sabotage in Tehran's nuclear programme\". Gulf News. 14 July 2010. Archived from the original\r\non 20 November 2010.\r\n121. ^ Jump up to: a\r\n \r\nb\r\n Williams, Dan (7 July 2009). \"Wary of naked force, Israel eyes cyberwar on Iran\".\r\nReuters. Archived from the original on 19 May 2018. Retrieved 2 July 2017.\r\n122. ^ Aneja, Atul (26 September 2010). \"Under cyber-attack, says Iran\". The Hindu. Chennai, India. Archived\r\nfrom the original on 29 September 2010. Retrieved 27 September 2010.\r\n123. ^ \"نت استاکس\"ویروس با مقابله های راه :: خرب شبکه) in Persian). Irinn.ir. Archived from the original on 21 June\r\n2013. Retrieved 28 September 2010.\r\n124. ^ Jump up to: a\r\n \r\nb\r\n \"Stuxnet worm rampaging through Iran: IT official\". AFP. Archived from the original on\r\n30 September 2010.\r\n125. ^ \"IRAN: Speculation on Israeli involvement in malware computer attack\". Los Angeles Times. 27\r\nSeptember 2010. Archived from the original on 28 September 2010. Retrieved 28 September 2010.\r\n126. ^ Jump up to: a\r\n \r\nb\r\n Erdbrink, Thomas; Nakashima, Ellen (27 September 2010). \"Iran struggling to contain\r\n'foreign-made' 'Stuxnet' computer virus\". The Washington Post. Archived from the original on 2 October\r\n2010. Retrieved 28 September 2010.\r\n127. ^ \"Ahmadinedschad räumt Virus-Attack ein\". Der Spiegel. 29 November 2010. Archived from the original\r\non 20 December 2010. Retrieved 29 December 2010.\r\n128. ^ \"Stuxnet: Ahmadinejad admits cyberweapon hit Iran nuclear program\". The Christian Science Monitor.\r\n30 November 2010. Archived from the original on 5 December 2010. Retrieved 29 December 2010.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 23 of 28\n\n129. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Zetter, Kim (29 November 2010). \"Iran: Computer Malware Sabotaged Uranium\r\nCentrifuges | Threat Level\". Wired. Archived from the original on 11 March 2012. Retrieved 14 February\r\n2012.\r\n130. ^ \"US Denies Role in Iranian Scientist's Death\". Fox News. 7 April 2010. Archived from the original on 13\r\nFebruary 2012. Retrieved 14 February 2012.\r\n131. ^ Monica Amarelo (21 January 2011). \"New FAS Report Demonstrates Iran Improved Enrichment in\r\n2010\". Federation of American Scientists. Archived from the original on 15 December 2013. Retrieved 1\r\nJanuary 2016.\r\n132. ^ \"Report: Iran's nuclear capacity unharmed, contrary to U.S. assessment\". Haaretz. 22 January 2011.\r\nArchived from the original on 25 January 2011. Retrieved 27 January 2011.\r\n133. ^ Jeffrey Goldberg (22 January 2011). \"Report: Report: Iran's Nuclear Program Going Full Speed\r\nAhead\". The Atlantic. Archived from the original on 12 November 2016. Retrieved 11 March 2017.\r\n134. ^ \"Experts say Iran has 'neutralized' Stuxnet virus\". Reuters. 14 February 2012. Archived from the original\r\non 17 August 2021. Retrieved 6 July 2021.\r\n135. ^ Beaumont, Peter (30 September 2010). \"Stuxnet worm heralds new era of global cyberwar\".\r\nGuardian.co.uk. London. Archived from the original on 30 December 2016. Retrieved 17 December 2016.\r\n136. ^ Sanger, David E. (1 June 2012). \"Obama Order Sped Up Wave of Cyberattacks Against Iran\". The New\r\nYork Times. Archived from the original on 17 September 2022. Retrieved 1 June 2012.\r\n137. ^ Hounshell, Blake (27 September 2010). \"6 mysteries about Stuxnet\". Foreign Policy. Archived from the\r\noriginal on 9 February 2014. Retrieved 28 September 2010.\r\n138. ^ \"Falkenrath Says Stuxnet Virus May Have Origin in Israel: Video. Bloomberg Television\". 24 September\r\n2010. Archived from the original on 4 December 2012.\r\n139. ^ Williams, Dan (15 December 2009). \"Spymaster sees Israel as world cyberwar leader\". Reuters.\r\nArchived from the original on 28 December 2010. Retrieved 29 May 2012.\r\n140. ^ Dan Williams. \"Cyber takes centre stage in Israel's war strategy\". Reuters, 28 September 2010. Archived\r\nfrom the original on 1 October 2010. Retrieved 17 October 2010.\r\n141. ^ Antonin Gregoire. \"Stuxnet, the real face of cyber warfare\". Iloubnan.info, 25 November 2010. Archived\r\nfrom the original on 26 November 2010. Retrieved 25 November 2010.\r\n142. ^ Jump up to: a\r\n \r\nb\r\n Broad, William J.; Sanger, David E. (18 November 2010). \"Worm in Iran Can Wreck\r\nNuclear Centrifuges\". The New York Times. Archived from the original on 19 February 2017. Retrieved 25\r\nFebruary 2017.\r\n143. ^ Williams, Christopher (16 February 2011). \"Israeli security chief celebrates Stuxnet cyber attack\". The\r\nTelegraph. London. Archived from the original on 19 February 2011. Retrieved 23 February 2011.\r\n144. ^ \"The U.S. Cyber Consequences Unit\". The U.S. Cyber Consequences Unit. Archived from the original on\r\n23 March 2023. Retrieved 1 December 2010.\r\n145. ^ \"A worm in the centrifuge: An unusually sophisticated cyber-weapon is mysterious but important\". The\r\nEconomist. 30 September 2010. Archived from the original on 10 October 2010. Retrieved 12 October\r\n2010.\r\n146. ^ Sanger, David E. (25 September 2010). \"Iran Fights Malware Attacking Computers\". The New York\r\nTimes. Archived from the original on 26 May 2011. Retrieved 28 September 2010.\r\n147. ^ \"Iran/Critical National Infrastructure: Cyber Security Experts See The Hand of Israel's Signals\r\nIntelligence Service in The 'Stuxnet' Virus Which Has Infected Iranian Nuclear Facilities\".\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 24 of 28\n\nMideastsecurity.co.uk. 1 September 2010. Archived from the original on 8 December 2010. Retrieved 6\r\nOctober 2010.\r\n148. ^ Riddle, Warren (1 October 2010). \"Mysterious 'Myrtus' Biblical Reference Spotted in Stuxnet Code\".\r\nSWITCHED. Archived from the original on 1 October 2011. Retrieved 6 October 2010.\r\n149. ^ \"SCADA Systems Whitepaper\" (PDF). Motorola. Archived (PDF) from the original on 1 October 2012.\r\nRetrieved 1 January 2016.\r\n150. ^ \"Symantec Puts 'Stuxnet' Malware Under the Knife\". PC Magazine. Archived from the original on 14\r\nAugust 2017. Retrieved 15 September 2017.\r\n151. ^ Zetter, Kim (1 October 2010). \"New Clues Point to Israel as Author of Blockbuster Worm, Or Not\".\r\nWired. Archived from the original on 15 December 2013. Retrieved 11 March 2017.\r\n152. ^ Jump up to: a\r\n \r\nb\r\n Reals, Tucker (24 September 2010). \"Stuxnet Worm a U.S. Cyber-Attack on Iran Nukes?\".\r\nCBS News. Archived from the original on 16 October 2013. Retrieved 27 September 2010.\r\n153. ^ \"Snowden Der Spiegel Interview\". Der Spiegel (in English and German). Archived from the original on 6\r\nJuly 2014. Retrieved 3 October 2015.\r\n154. ^ Kelley, Michael B. (1 June 2012). \"Obama Administration Admits Cyberattacks Against Iran Are Part of\r\nJoint US-Israeli Offensive\". Business Insider. Archived from the original on 3 December 2017. Retrieved\r\n23 January 2018.\r\n155. ^ Halliday, Josh (18 January 2011). \"WikiLeaks: the US advised to sabotage Iran nuclear sites by German\r\nthinktank\". The Guardian. London. Archived from the original on 8 September 2013. Retrieved 19 January\r\n2011.\r\n156. ^ Sanger, David E. (10 January 2009). \"U.S. Rejected Aid for Israeli Raid on Iranian Nuclear Site\". The\r\nNew York Times. Archived from the original on 16 October 2013. Retrieved 12 October 2013.\r\n157. ^ Kim Zetter (17 February 2011). \"Cyberwar Issues Likely to Be Addressed Only After a Catastrophe\".\r\nWired. Archived from the original on 18 February 2011. Retrieved 18 February 2011.\r\n158. ^ Koop, Peter (12 December 2013). \"Hoe onderschept de NSA ons dataverkeer?\". De Correspondent (in\r\nDutch). Archived from the original on 22 February 2022. Retrieved 22 February 2022.\r\n159. ^ Chris Carroll (18 October 2011). \"Cone of silence surrounds U.S. cyberwarfare\". Stars and Stripes.\r\nArchived from the original on 7 March 2012. Retrieved 30 October 2011.\r\n160. ^ John Bumgarner (27 April 2010). \"Computers as Weapons of War\" (PDF). IO Journal. Archived from the\r\noriginal (PDF) on 19 December 2011. Retrieved 30 October 2011.\r\n161. ^ Kroft, Steve (4 March 2012). \"Stuxnet: Computer worm opens new era of warfare\". 60 Minutes (CBS\r\nNews). Archived from the original on 15 October 2013. Retrieved 9 March 2012.\r\n162. ^ CBS News staff (16 April 2011). \"Iran blames U.S., Israel for Stuxnet malware\" (SHTML). CBS News.\r\nArchived from the original on 24 April 2012. Retrieved 15 January 2012.\r\n163. ^ James Balford (12 June 2013). \"The secret war\". Wired. Archived from the original on 24 June 2018.\r\nRetrieved 2 June 2014.\r\n164. ^ Carr, Jeffrey (14 December 2010). \"Stuxnet's Finnish-Chinese Connection\". Forbes. Archived from the\r\noriginal on 18 April 2011. Retrieved 19 April 2011.\r\n165. ^ Clayton, Mark (24 September 2010). \"Stuxnet worm mystery: What's the cyber weapon after?\". Christian\r\nScience Monitor. Archived from the original on 27 September 2010. Retrieved 21 January 2011.\r\n166. ^ \"Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran\".\r\nnews.yahoo.com. 2 September 2019. Archived from the original on 3 September 2019. Retrieved 3\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 25 of 28\n\nSeptember 2019.\r\n167. ^ Bob, Yonah Jeremy (2 September 2019). \"Secret Dutch mole aided Stuxnet attack on Iran's nuke program\r\n– Report\". Jerusalem Post. Archived from the original on 5 September 2019. Retrieved 4 September 2019.\r\n168. ^ Gaycken, Sandro (26 November 2010). \"Stuxnet: Wer war's? Und wozu?\". Die ZEIT. Archived from the\r\noriginal on 20 April 2011. Retrieved 19 April 2011.\r\n169. ^ Hopkins, Nick (31 May 2011). \"UK developing cyber-weapons programme to counter cyber war threat\".\r\nThe Guardian. United Kingdom. Archived from the original on 10 September 2013. Retrieved 31 May\r\n2011.\r\n170. ^ Iain Thomson (8 July 2013). \"Snowden: US and Israel Did Create Stuxnet Attack Code\". The Register.\r\nArchived from the original on 10 July 2013. Retrieved 8 July 2013.\r\n171. ^ Menn, Joseph (29 May 2015). \"Exclusive: U.S. tried Stuxnet-style campaign against North Korea but\r\nfailed – sources\". Reuters. Archived from the original on 13 December 2015. Retrieved 31 May 2015.\r\n172. ^ Goud, Naveen (6 November 2018). \"Iran says Israel launched Stuxnet 2.0 Cyber Attack\". Archived from\r\nthe original on 7 February 2019. Retrieved 6 February 2019.\r\n173. ^ \"Stuxnet's Secret Twin\". Foreign Policy. 19 November 2013. Archived from the original on 4 December\r\n2014. Retrieved 11 March 2017.\r\n174. ^ \"Duqu: A Stuxnet-like malware found in the wild, technical report\" (PDF). Laboratory of Cryptography\r\nof Systems Security (CrySyS). 14 October 2011. Archived (PDF) from the original on 21 April 2019.\r\nRetrieved 13 November 2011.\r\n175. ^ \"Statement on Duqu's initial analysis\". Laboratory of Cryptography of Systems Security (CrySyS). 21\r\nOctober 2011. Archived from the original on 4 October 2012. Retrieved 25 October 2011.\r\n176. ^ \"W32.Duqu – The precursor to the next Stuxnet (Version 1.2)\" (PDF). Symantec. 20 October 2011.\r\nArchived from the original (PDF) on 25 October 2019. Retrieved 25 October 2011.\r\n177. ^ Finkle, Jim (28 December 2011). \"Stuxnet weapon has at least 4 cousins: researchers\". Reuters. Archived\r\nfrom the original on 24 September 2015. Retrieved 6 July 2021.\r\n178. ^ Jump up to: a\r\n \r\nb\r\n Zetter, Kim (28 May 2012). \"Meet 'Flame,' The Massive Spy Malware Infiltrating Iranian\r\nComputers\". Wired. Archived from the original on 30 May 2012. Retrieved 29 May 2012.\r\n179. ^ \"Resource 207: Kaspersky Lab Research Proves that Stuxnet and Flame Developers are Connected\".\r\nKaspersky Lab. 11 June 2012. Archived from the original on 16 November 2021. Retrieved 13 June 2012.\r\n180. ^ \"The Meaning of Stuxnet\". The Economist. 30 September 2010. Archived from the original on 30 March\r\n2015. Retrieved 18 April 2015.\r\n181. ^ Kim Zetter (8 July 2011). \"How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in\r\nHistory\". Wired. Archived from the original on 9 March 2017. Retrieved 11 March 2017.\r\n182. ^ Holger Stark (8 August 2011). \"Mossad's Miracle Weapon: Stuxnet Virus Opens New Era of Cyber War\".\r\nDer Spiegel. Archived from the original on 12 April 2015. Retrieved 18 April 2015.\r\n183. ^ Eddie Walsh (1 January 2012). \"2011: The year of domestic cyber threat\". Al Jazeera English. Archived\r\nfrom the original on 18 April 2015. Retrieved 18 April 2015.\r\n184. ^ Vyacheslav Zakorzhevsky (5 October 2010). \"Sality \u0026 Stuxnet – Not Such a Strange Coincidence\".\r\nKaspersky Lab. Archived from the original on 18 April 2015. Retrieved 18 April 2015.\r\n185. ^ Ball, James (16 February 2016). \"U.S. Hacked into Iran's Critical Civilian Infrastructure For Massive\r\nCyberattack, New Film Claims\". BuzzFeed. Archived from the original on 19 July 2017. Retrieved 17 May\r\n2017.\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 26 of 28\n\n186. ^ Savage, Charlie (17 October 2016). \"James Cartwright, Ex-General, Pleads Guilty in Leak Case\". The\r\nNew York Times. ISSN 0362-4331. Archived from the original on 12 January 2017. Retrieved 27 December\r\n2016.\r\n187. ^ \"World War Three, by Mistake\". The New Yorker. 23 December 2016. Archived from the original on 27\r\nDecember 2016. Retrieved 27 December 2016.\r\n188. ^ \"Stuxnet – Darknet Diaries\". Darknet Diaries – True stories from the dark side of the Internet. 2 January\r\n2019. Retrieved 11 October 2025.\r\n189. ^ \"Splinter Cell Blacklist – Mission 10 'American Fuel'\". 17 September 2013. Archived from the original\r\non 21 December 2021 – via www.youtube.com.\r\n190. ^ \"According to Star Trek: Discovery, Starfleet still runs Microsoft Windows\". The Verge. 3 October 2017.\r\nArchived from the original on 11 January 2019. Retrieved 11 January 2019.\r\nLangner, Ralph (March 2011). \"Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon\". TED.\r\nArchived from the original on 1 February 2014. Retrieved 13 May 2011.\r\n\"The short path from cyber missiles to dirty digital bombs\". Blog. Langner Communications GmbH. 26\r\nDecember 2010. Archived from the original on 19 April 2017. Retrieved 13 May 2011.\r\nRalph Langner's Stuxnet Deep Dive Archived 17 October 2012 at the Wayback Machine\r\nLangner, Ralph (November 2013). To Kill a Centrifuge: A Technical Analysis of What Stuxnet's Creators\r\nTried to Achieve (PDF) (Report). Archived (PDF) from the original on 13 June 2016. Retrieved 26\r\nNovember 2013.\r\nFalliere, Nicolas (21 September 2010). \"Exploring Stuxnet's PLC Infection Process\". Blogs: Security\r\nResponse. Symantec. Archived from the original on 21 June 2021. Retrieved 13 May 2011.\r\n\"Stuxnet Questions and Answers\". News from the Lab (blog). F-Secure. 1 October 2010. Archived from the\r\noriginal on 5 May 2021. Retrieved 13 May 2011.\r\nDang, Bruce; Ferrie, Peter (28 December 2010). \"27C3: Adventures in analyzing Stuxnet\". Chaos\r\nComputer Club e.V. Archived from the original on 11 October 2015. Retrieved 13 May 2011.\r\nRussinovich, Mark (30 March 2011). \"Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1\".\r\nMark's Blog. Microsoft Corporation. MSDN Blogs. Archived from the original on 23 April 2011. Retrieved\r\n13 May 2011.\r\nZetter, Kim (11 July 2011). \"How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in\r\nHistory\". Threat Level Blog. Wired. Archived from the original on 28 March 2014. Retrieved 11 July 2011.\r\nKroft, Steve (4 March 2012). \"Stuxnet: Computer worm opens new era of warfare\". 60 Minutes. CBS News.\r\nArchived from the original on 15 October 2013. Retrieved 4 March 2012.\r\nSanger, David E. (1 June 2012). \"Obama Order Sped Up Wave of Cyberattacks Against Iran\". The New\r\nYork Times. Archived from the original on 17 September 2022. Retrieved 1 June 2012.\r\nKim Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. New\r\nYork: Crown Publishing Group, 2014. ISBN 978-0-7704-3617-9.\r\nWikimedia Commons has media related to Stuxnet.\r\nfanny.bmp – at Securelist\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 27 of 28\n\nfanny.bmp source – at GitHub\r\nStuxnet code – at Internet Archive\r\nSource: https://en.wikipedia.org/wiki/Stuxnet\r\nhttps://en.wikipedia.org/wiki/Stuxnet\r\nPage 28 of 28\n\nOverview According to of Stuxnet researcher Ralph hijacking communication Langner, [80][81] between once installed on Step 7 software a Windows system, and a Siemens Stuxnet infects PLC project files\nbelonging to Siemens' WinCC/PCS 7 SCADA control software[82] (Step 7), and subverts a key communication\n Page 6 of 28 \n\n https://en.wikipedia.org/wiki/Stuxnet \n33. ^ Gary Samore Archived 27 April 2018 at the Wayback Machine speaking at the 10 December 2010\nWashington Forum of the Foundation for Defense of Democracies in Washington DC, reported by C-Span\nand contained in the PBS program Need to Know (\"Cracking the code: Defending against the\nsuperweapons of the 21st century cyberwar\", 4 minutes into piece) \n34. ^ Williams, Christopher (15 February 2011). \"Israel video shows Stuxnet as one of its successes\". London:\nTelegraph.co.uk. Archived from the original on 12 January 2022. Retrieved 14 February 2012.\n35. ^ Jump up to: a b Sanger, David E. (1 June 2012). \"Obama Order Sped Up Wave of Cyberattacks Against\nIran\". The New York Times. Archived from the original on 25 February 2017. Retrieved 1 June 2012.\n36. ^ Matyszczyk, Chris (24 July 2012). \"Thunderstruck! A tale of malware, AC/DC, and Iran's nukes\". CNET.\nRetrieved 8 July 2013. {{cite web}} : CS1 maint: deprecated archival service (link) \n37. ^ \"Iran 'fends off new Stuxnet cyber attack'\". BBC News. 25 December 2012. Archived from the original on\n7 August 2016. Retrieved 28 May 2015. \n38. ^ Shamah, David (11 November 2013). \"Stuxnet, gone rogue, hit Russian nuke plant, space station\". The\nTimes of Israel. Archived from the original on 20 September 2017. Retrieved 12 November 2013.\n39. ^ Krebs, Brian (17 July 2010). \"Experts Warn of New Windows Shortcut Flaw\". Krebs on Security.\nArchived from the original on 2 September 2022. Retrieved 3 March 2011. \n40. ^ Jump up to: a b c d e f g h i j k l m n o p Gross, Michael Joseph (April 2011). \"A Declaration of Cyber\u0002\nWar\". Vanity Fair. Condé Nast. Archived from the original on 31 August 2021. Retrieved 31 December\n2015. \n41. ^ \"Rootkit.TmpHider\". wilderssecurity.com. Wilders Security Forums. Archived from the original on 15\nDecember 2013. Retrieved 25 March 2014. \n42. ^ Shearer, Jarrad (13 July 2010). \"W32.Stuxnet\". Symantec. Symantec. Archived from the original on 4\nJanuary 2012. Retrieved 25 March 2014. \n43. ^ Zetter, Kim (11 July 2011). \"How digital detectives deciphered Stuxnet, the most menacing malware in\nhistory\". arstechnica.com. Archived from the original on 14 May 2022. Retrieved 25 March 2014.\n44. ^ Karl (26 October 2011). \"Stuxnet opens cracks in Iran nuclear program\". abc.net.au. ABC. Archived\nfrom the original on 24 February 2021. Retrieved 25 March 2014. \n45. ^ Gostev, Alexander (26 September 2010). \"Myrtus and Guava: the epidemic, the trends, the numbers\".\nArchived from the original on 1 January 2011. Retrieved 22 January 2011. \n46. ^ Finkle, Jim (26 February 2013). \"Researchers say Stuxnet was deployed against Iran in 2007\". Reuters.\nArchived from the original on 15 August 2021. Retrieved 6 July 2021. \n47. ^ Jump up to: a b c d Aleksandr Matrosov; Eugene Rodionov; David Harley \u0026 Juraj Malcho. \"Stuxnet\nUnder the Microscope, Revision 1.31\" (PDF). Archived from the original (PDF) on 22 January 2022.\nRetrieved 6 September 2019. \n48. ^ Kiley, Sam (25 November 2010). \"Super Virus A Target For Cyber Terrorists\". Archived from the original\non 28 November 2010. Retrieved 25 November 2010. \n49. ^ \"A Fanny Equation: 'I am your father, Stuxnet'\". Kaspersky Lab. 17 February 2015. Archived from the\noriginal on 19 March 2021. Retrieved 24 November 2015. \n50. ^ \"fanny.bmp code\". GitHub. 23 October 2021. Archived from the original on 3 February 2021. Retrieved\n15 February 2021. \n51. ^ \"Equation Group Questions and Answers\" (PDF). securelist.com. Archived from the original (PDF) on\n17 February 2015. \n Page 19 of 28 \n\n https://en.wikipedia.org/wiki/Stuxnet \n111. ^ Melman, Yossi (24 November 2010). \"Iran pauses uranium enrichment at Natanz nuclear plant\".\nHaaretz. Archived from the original on 24 November 2010. Retrieved 24 November 2010. \n112. ^ Jump up to: a b \"The Stuxnet worm: A cyber-missile aimed at Iran?\". The Economist. 24 September 2010.\nArchived from the original on 27 September 2010. Retrieved 28 September 2010. \n113. ^ \"Serious nuclear accident may lay behind Iranian nuke chief's mystery resignation\". WikiLeaks. 16 July\n2009. Archived from the original on 30 December 2010. Retrieved 1 January 2011. \n114. ^ IAEA Report on Iran (PDF) (Report). Institute for Science and International Security. 16 November\n2010. Archived (PDF) from the original on 11 March 2011. Retrieved 1 January 2011. \n115. ^ Jump up to: a b c \"Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?\" (PDF).\nInstitute for Science and International Security. 22 December 2010. Archived (PDF) from the original on\n10 September 2012. Retrieved 27 December 2010. \n116. ^ Stöcker, Christian (26 December 2010). \"Stuxnet-Virus könnte tausend Uran-Zentrifugen zerstört\nhaben\". Der Spiegel (in German). Archived from the original on 27 December 2010. Retrieved 27\nDecember 2010. \n117. ^ Stark, Holger (8 August 2011). \"Mossad's Miracle Weapon: Stuxnet Virus Opens New Era of Cyber\nWar\". Der Spiegel. Archived from the original on 15 August 2011. Retrieved 15 August 2011.\n118. ^ Warrick, Joby (15 February 2011). \"Iran's Natanz nuclear facility recovered quickly from Stuxnet\ncyberattack\". The Washington Post. Archived from the original on 24 January 2022. Retrieved 23 March\n2023. \n119. ^ \"Stuxnet Malware and Natanz: Update of ISIS December 22, 2010 Report\". Institute for Science and\nInternational Security. 15 February 2011. Archived from the original on 7 August 2011. Retrieved 10 July\n2011. \n120. ^ \"Signs of sabotage in Tehran's nuclear programme\". Gulf News. 14 July 2010. Archived from the original\non 20 November 2010. \n121. ^ Jump up to: a b Williams, Dan (7 July 2009). \"Wary of naked force, Israel eyes cyberwar on Iran\".\nReuters. Archived from the original on 19 May 2018. Retrieved 2 July 2017. \n122. ^ Aneja, Atul (26 September 2010). \"Under cyber-attack, says Iran\". The Hindu. Chennai, India. Archived\nfrom the original on 29 September 2010. Retrieved 27 September 2010. \n123. ^ \" نت اکس است \" ویروس با ابله مق ه ای راه :: خرب شبکه ) in Persian). Irinn.ir. Archived from the original on 21 June\n2013. Retrieved 28 September 2010. \n124. ^ Jump up to: a b \"Stuxnet worm rampaging through Iran: IT official\". AFP. Archived from the original on\n30 September 2010. \n125. ^ \"IRAN: Speculation on Israeli involvement in malware computer attack\". Los Angeles Times. 27\nSeptember 2010. Archived from the original on 28 September 2010. Retrieved 28 September 2010.\n126. ^ Jump up to: a b Erdbrink, Thomas; Nakashima, Ellen (27 September 2010). \"Iran struggling to contain\n'foreign-made' 'Stuxnet' computer virus\". The Washington Post. Archived from the original on 2 October\n2010. Retrieved 28 September 2010. \n127. ^ \"Ahmadinedschad räumt Virus-Attack ein\". Der Spiegel. 29 November 2010. Archived from the original\non 20 December 2010. Retrieved 29 December 2010. \n128. ^ \"Stuxnet: Ahmadinejad admits cyberweapon hit Iran nuclear program\". The Christian Science Monitor.\n30 November 2010. Archived from the original on 5 December 2010. Retrieved 29 December 2010.\n Page 23 of 28 \n\nSeptember 2019. https://en.wikipedia.org/wiki/Stuxnet \n167. ^ Bob, Yonah Jeremy (2 September 2019). \"Secret Dutch mole aided Stuxnet attack on Iran's nuke program\n-Report\". Jerusalem Post. Archived from the original on 5 September 2019. Retrieved 4 September 2019.\n168. ^ Gaycken, Sandro (26 November 2010). \"Stuxnet: Wer war's? Und wozu?\". Die ZEIT. Archived from the\noriginal on 20 April 2011. Retrieved 19 April 2011. \n169. ^ Hopkins, Nick (31 May 2011). \"UK developing cyber-weapons programme to counter cyber war threat\".\nThe Guardian. United Kingdom. Archived from the original on 10 September 2013. Retrieved 31 May\n2011. \n170. ^ Iain Thomson (8 July 2013). \"Snowden: US and Israel Did Create Stuxnet Attack Code\". The Register.\nArchived from the original on 10 July 2013. Retrieved 8 July 2013. \n171. ^ Menn, Joseph (29 May 2015). \"Exclusive: U.S. tried Stuxnet-style campaign against North Korea but\nfailed-sources\". Reuters. Archived from the original on 13 December 2015. Retrieved 31 May 2015.\n172. ^ Goud, Naveen (6 November 2018). \"Iran says Israel launched Stuxnet 2.0 Cyber Attack\". Archived from\nthe original on 7 February 2019. Retrieved 6 February 2019. \n173. ^ \"Stuxnet's Secret Twin\". Foreign Policy. 19 November 2013. Archived from the original on 4 December\n2014. Retrieved 11 March 2017. \n174. ^ \"Duqu: A Stuxnet-like malware found in the wild, technical report\" (PDF). Laboratory of Cryptography\nof Systems Security (CrySyS). 14 October 2011. Archived (PDF) from the original on 21 April 2019.\nRetrieved 13 November 2011. \n175. ^ \"Statement on Duqu's initial analysis\". Laboratory of Cryptography of Systems Security (CrySyS). 21\nOctober 2011. Archived from the original on 4 October 2012. Retrieved 25 October 2011. \n176. ^ \"W32.Duqu -The precursor to the next Stuxnet (Version 1.2)\" (PDF). Symantec. 20 October 2011.\nArchived from the original (PDF) on 25 October 2019. Retrieved 25 October 2011. \n177. ^ Finkle, Jim (28 December 2011). \"Stuxnet weapon has at least 4 cousins: researchers\". Reuters. Archived\nfrom the original on 24 September 2015. Retrieved 6 July 2021. \n178. ^ Jump up to: a b Zetter, Kim (28 May 2012). \"Meet 'Flame,' The Massive Spy Malware Infiltrating Iranian\nComputers\". Wired. Archived from the original on 30 May 2012. Retrieved 29 May 2012. \n179. ^ \"Resource 207: Kaspersky Lab Research Proves that Stuxnet and Flame Developers are Connected\".\nKaspersky Lab. 11 June 2012. Archived from the original on 16 November 2021. Retrieved 13 June 2012.\n180. ^ \"The Meaning of Stuxnet\". The Economist. 30 September 2010. Archived from the original on 30 March\n2015. Retrieved 18 April 2015. \n181. ^ Kim Zetter (8 July 2011). \"How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in\nHistory\". Wired. Archived from the original on 9 March 2017. Retrieved 11 March 2017. \n182. ^ Holger Stark (8 August 2011). \"Mossad's Miracle Weapon: Stuxnet Virus Opens New Era of Cyber War\".\nDer Spiegel. Archived from the original on 12 April 2015. Retrieved 18 April 2015. \n183. ^ Eddie Walsh (1 January 2012). \"2011: The year of domestic cyber threat\". Al Jazeera English. Archived\nfrom the original on 18 April 2015. Retrieved 18 April 2015. \n184. ^ Vyacheslav Zakorzhevsky (5 October 2010). \"Sality \u0026 Stuxnet -Not Such a Strange Coincidence\". \nKaspersky Lab. Archived from the original on 18 April 2015. Retrieved 18 April 2015. \n185. ^ Ball, James (16 February 2016). \"U.S. Hacked into Iran's Critical Civilian Infrastructure For Massive\nCyberattack, New Film Claims\". BuzzFeed. Archived from the original on 19 July 2017. Retrieved 17 May\n2017. \n Page 26 of 28", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "MISPGALAXY", "Malpedia" ], "references": [ "https://en.wikipedia.org/wiki/Stuxnet" ], "report_names": [ "Stuxnet" ], "threat_actors": [ { "id": "b740943a-da51-4133-855b-df29822531ea", "created_at": "2022-10-25T15:50:23.604126Z", "updated_at": "2026-04-10T02:00:05.259593Z", "deleted_at": null, "main_name": "Equation", "aliases": [ "Equation" ], "source_name": "MITRE:Equation", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "42a6a29d-6b98-4fd6-a742-a45a0306c7b0", "created_at": "2022-10-25T15:50:23.710403Z", "updated_at": "2026-04-10T02:00:05.281246Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "Whisper Spider" ], "source_name": "MITRE:Silence", "tools": [ "Winexe", "SDelete" ], "source_id": "MITRE", "reports": null }, { "id": "c91e335e-42be-48d9-96b5-ba56749a723b", "created_at": "2022-10-25T16:07:23.458346Z", "updated_at": "2026-04-10T02:00:04.616481Z", "deleted_at": null, "main_name": "CIA", "aliases": [ "Central Intelligence Agency" ], "source_name": "ETDA:CIA", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "d7c5a1bf-85c9-4d2f-bdbd-1455f5f2ae65", "created_at": "2022-10-25T16:07:23.978074Z", "updated_at": "2026-04-10T02:00:04.817311Z", "deleted_at": null, "main_name": "Operation Olympic Games", "aliases": [ "GOSSIPGIRL" ], "source_name": "ETDA:Operation Olympic Games", "tools": [ "Stuxnet", "W32.Stuxnet" ], "source_id": "ETDA", "reports": null }, { "id": "d4f7cf97-9c98-409c-8b95-b80d14c576a5", "created_at": "2022-10-25T16:07:24.561104Z", "updated_at": "2026-04-10T02:00:05.03343Z", "deleted_at": null, "main_name": "Shadow Brokers", "aliases": [], "source_name": "ETDA:Shadow Brokers", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "6dbdb9e4-3569-404a-8a25-e8ce65994281", "created_at": "2023-01-06T13:46:38.380071Z", "updated_at": "2026-04-10T02:00:02.950177Z", "deleted_at": null, "main_name": "Sands Casino", "aliases": [], "source_name": "MISPGALAXY:Sands Casino", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "fea75bf4-c510-4146-bbac-0802351f4eb0", "created_at": "2023-01-06T13:46:38.714847Z", "updated_at": "2026-04-10T02:00:03.076837Z", "deleted_at": null, "main_name": "Unit 8200", "aliases": [ "Duqu Group" ], "source_name": "MISPGALAXY:Unit 8200", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "9041c438-4bc0-4863-b89c-a32bba33903c", "created_at": "2023-01-06T13:46:38.232751Z", "updated_at": "2026-04-10T02:00:02.888195Z", "deleted_at": null, "main_name": "Nitro", "aliases": [ "Covert Grove" ], "source_name": "MISPGALAXY:Nitro", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a2b44a04-a080-4465-973d-976ce53777de", "created_at": "2022-10-25T16:07:23.911791Z", "updated_at": "2026-04-10T02:00:04.786538Z", "deleted_at": null, "main_name": "Nitro", "aliases": [ "Covert Grove", "Nitro" ], "source_name": "ETDA:Nitro", "tools": [ "AngryRebel", "Backdoor.Apocalipto", "Chymine", "Darkmoon", "Farfli", "Gen:Trojan.Heur.PT", "Gh0st RAT", "Ghost RAT", "Moudour", "Mydoor", "PCClient", "PCRat", "Poison Ivy", "SPIVY", "Spindest", "pivy", "poisonivy" ], "source_id": "ETDA", "reports": null }, { "id": "171b85f2-8f6f-46c0-92e0-c591f61ea167", "created_at": "2023-01-06T13:46:38.830188Z", "updated_at": "2026-04-10T02:00:03.114926Z", "deleted_at": null, "main_name": "The Shadow Brokers", "aliases": [ "Shadow Brokers", "ShadowBrokers", "The ShadowBrokers", "TSB" ], "source_name": "MISPGALAXY:The Shadow Brokers", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "08623296-52be-4977-8622-50efda44e9cc", "created_at": "2023-01-06T13:46:38.549387Z", "updated_at": "2026-04-10T02:00:03.020003Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "Tilded Team", "EQGRP", "G0020" ], "source_name": "MISPGALAXY:Equation Group", "tools": [ "TripleFantasy", "GrayFish", "EquationLaser", "EquationDrug", "DoubleFantasy" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b", "created_at": "2024-05-01T02:03:08.144214Z", "updated_at": "2026-04-10T02:00:03.674763Z", "deleted_at": null, "main_name": "PLATINUM COLONY", "aliases": [ "Equation Group " ], "source_name": "Secureworks:PLATINUM COLONY", "tools": [ "DoubleFantasy", "EquationDrug", "EquationLaser", "Fanny", "GrayFish", "TripleFantasy" ], "source_id": "Secureworks", "reports": null }, { "id": "1a76ed30-4daf-4817-98ae-87c667364464", "created_at": "2022-10-25T16:47:55.891029Z", "updated_at": "2026-04-10T02:00:03.646466Z", "deleted_at": null, "main_name": "IRON LIBERTY", "aliases": [ "ALLANITE ", "ATK6 ", "BROMINE ", "CASTLE ", "Crouching Yeti ", "DYMALLOY ", "Dragonfly ", "Energetic Bear / Berserk Bear ", "Ghost Blizzard ", "TEMP.Isotope ", "TG-4192 " ], "source_name": "Secureworks:IRON LIBERTY", "tools": [ "ClientX", "Ddex Loader", "Havex", "Karagany", "Loek", "MCMD", "Sysmain", "xfrost" ], "source_id": "Secureworks", "reports": null }, { "id": "e0fed6e6-a593-4041-80ef-694261825937", "created_at": "2022-10-25T16:07:23.593572Z", "updated_at": "2026-04-10T02:00:04.680752Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "APT-C-40", "G0020", "Platinum Colony", "Tilded Team" ], "source_name": "ETDA:Equation Group", "tools": [ "Bvp47", "DEMENTIAWHEEL", "DOUBLEFANTASY", "DanderSpritz", "DarkPulsar", "DoubleFantasy", "DoubleFeature", "DoublePulsar", "Duqu", "EQUATIONDRUG", "EQUATIONLASER", "EQUESTRE", "Flamer", "GRAYFISH", "GROK", "OddJob", "Plexor", "Prax", "Regin", "Skywiper", "TRIPLEFANTASY", "Tilded", "UNITEDRAKE", "WarriorPride", "sKyWIper" ], "source_id": "ETDA", "reports": null }, { "id": "eb5915d6-49a0-464d-9e4e-e1e2d3d31bc7", "created_at": "2025-03-29T02:05:20.764715Z", "updated_at": "2026-04-10T02:00:03.851829Z", "deleted_at": null, "main_name": "GOLD WYMAN", "aliases": [ "Silence " ], "source_name": "Secureworks:GOLD WYMAN", "tools": [ "Silence" ], "source_id": "Secureworks", "reports": null }, { "id": "b07fec96-80cd-4d92-aa52-a26a0b25b7c2", "created_at": "2022-10-25T16:07:23.826594Z", "updated_at": "2026-04-10T02:00:04.760416Z", "deleted_at": null, "main_name": "Madi", "aliases": [ "Mahdi" ], "source_name": "ETDA:Madi", "tools": [ "Madi" ], "source_id": "ETDA", "reports": null }, { "id": "88e53203-891a-46f8-9ced-81d874a271c4", "created_at": "2022-10-25T16:07:24.191982Z", "updated_at": "2026-04-10T02:00:04.895327Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "ATK 86", "Contract Crew", "G0091", "TAG-CR8", "TEMP.TruthTeller", "Whisper Spider" ], "source_name": "ETDA:Silence", "tools": [ "EDA", "EmpireDNSAgent", "Farse", "Ivoke", "Kikothac", "LOLBAS", "LOLBins", "Living off the Land", "Meterpreter", "ProxyBot", "ReconModule", "Silence.Downloader", "TiniMet", "TinyMet", "TrueBot", "xfs-disp.exe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434692, "ts_updated_at": 1775792129, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7eebbb189c095fa86bbed9ee26a2cc2946b4f0ba.pdf", "text": "https://archive.orkl.eu/7eebbb189c095fa86bbed9ee26a2cc2946b4f0ba.txt", "img": "https://archive.orkl.eu/7eebbb189c095fa86bbed9ee26a2cc2946b4f0ba.jpg" } }