Joint research by Kaspersky Lab and Symantec found the organisations, contractors to Natanz, were targeted between June 2009 and March 2010 and suffered 12,000 infections from 3280 Stuxnet samples.
Researchers were able to glean the new information, published in January and updated with victims' names today, because Stuxnet code retained information about the targets it infected, creating new executables for each.
"Stuxnet remains one of the most interesting pieces of malware ever created," Kaspersky analysts wrote. "The targeting of certain high profile companies was the solution" to infect Natanz.
Symantec reverse engineer Liam O'Murchu said he was confident Stuxnet leaked from the initial targets.
"Based on the analysis of the bread crumb log files, every Stuxnet sample we have ever seen originated outside of Natanz," O'Murchu said.
"... every sample can be traced back to specific companies involved in industrial control systems-type work."
The companies included Behpajooh, identified as patient zero from where the worm leaked to the world; Foolad Technic Engineering Co, which developed blueprints for Iran's industrial control systems; the sanctioned Neda Industrial Group; Control-Gostar Jahed Company; and Kala Electric, a sanctioned firm that developed centrifuges.
The sophisticated malware was widely thought to be the work of the US and Israel, created under Operation Olympic Games, which was launched by the Bush Administration and continued under President Obama.
It carried exploits for four zero-day vulnerabilities, making it both expensive, in terms of the research typically required to discover the flaws, and highly targeted, having been designed to target the specific systems used in the Natanz facility.