This kind of thing fascinates me.
Any of you guys read up on STUXNET, FLAME, GAUSS or DUQU?
Four crazy bits of malware linked with the US, UK and Israel.
Unlike most malware, Stuxnet does little harm to computers and networks that do not meet specific configuration requirements; "The attackers took great care to make sure that only their designated targets were hit… It was a marksman’s job." While the worm is promiscuous, it makes itself inert if Siemens software is not found on infected computers, and contains safeguards to prevent each infected computer from spreading the worm to more than three others, and to erase itself on 24 June 2012.
For its targets, Stuxnet contains, among other things, code for a man-in-the-middle attack that fakes industrial process control sensor signals so an infected system does not shut down due to detected abnormal behavior. Such complexity is very unusual for malware. The worm consists of a layered attack against three different systems:
- The Windows operating system,
- Siemens PCS 7, WinCC and STEP7 industrial software applications that run on Windows and
- One or more Siemens S7 PLCs.
It found its way into the air-gapped Natanz nuclear facility in Iran and halted the enrichment process, going so far as to cause a nuclear accident that caused the Atomic Energy Minister to resign.
Then there is the ‘Equation Group’, who pulled off the following:
They also identified that the platform had at times been spread by interdiction (interception of legitimate CDs sent by a scientific conference organizer by mail), and that the platform had the “unprecedented” ability to infect and be transmitted through the hard drive firmware of several of the major hard drive manufacturers, and create and use hidden disk areas and virtual disk systems for its purposes, a feat demanding access to the manufacturer’s source code of each to achieve, and that the tool was designed for surgical precision, going so far as to exclude specific countries by IP and allow targeting of specific usernames on discussion forums.