The first potentially explosive cyber-weapon used to attack Iran’s nuclear research infrastructure was developed before Iran even started enriching uranium at the Natanz facility, researchers at the security company Symantec have discovered.
The dormant computer virus that was behind an attack on Iran’s nuclear program as early as 2005 still threatens computers worldwide, mainly in Iran and the United States, Symantec’s new report suggests.
The anti-virus giant claimed on Tuesday that a team of specialists had discovered a version of the Stuxnet computer virus that was used against Tehran in November 2007, two years earlier than previously assumed.
The threat, Stuxnet version 1.001, “one of the most sophisticated pieces of malware ever written,” which the company helped to uncover in July 2010, is now believed to have had an impact on the critical national infrastructure of nation states.
When the virus originally surfaced, it was alleged that Washington and Tel Aviv used it to attack an Iranian nuclear plant at Natanz.
But the latest analysis by Symantec Security Response has revealed that a version earlier than 1.001, Stuxnet 0.5, was in operation between 2007 and 2009, with the possibility of even earlier variants going back to 2005.
Yet eight years ago Iran was in the process of building its uranium enrichment facility, said Symantec researcher Liam O’Murchu, as the plant became operational in 2007.
“It is really mind-blowing that they were thinking about creating a project like that in 2005,” O’Murchu told Reuters ahead of the report’s release at the RSA security conference in San Francisco.
All versions of Stuxnet have allegedly been used to change the speeds of around 1,000 gas-spinning centrifuges without being detected, thus sabotaging the research process of Iranian scientists. Such manipulation, say some experts, could potentially lead to an explosion.
Symantec said that the new variant is the oldest version of Stuxnet found and is spread by “infecting Step 7 projects including USB keys.”
It also has a kill date which stopped it from spreading on July 4, 2009.
“The 0.5 version was a mixture of sabotage and espionage – affecting the valves and reporting back,” Sian John, Symantec’s director of security strategy for UK and Ireland Enterprise, was quoted by The Guardian as saying. “This really goes to show that with the right impact and amount of research, these groups can create very targeted attacks.”
The security company also detected a number of dormant infections worldwide over the past year. Out of a small number discovered, 47 per cent were found in Iran while 21 per cent were in the US.