Security researchers from Symantec say the Stuxnet malware is older than was previously believed. The worm was first discovered in 2010, and experts had believed it was first deployed against Iranian targets in 2009. However, new evidence suggests Stuxnet was under development as early as 2005 and first deployed in 2007.
The Washington Post’s Ellen Nakashima reported, “The secret cyber-sabotage campaign aimed at Iran’s nuclear program may have been in existence as early as 2005 and may have been capable of inflicting more damage than previously known, according to a security firm’s analysis released Tuesday. The findings, by the security company Symantec, were announced after the discovery of an earlier variant of Stuxnet, as researchers have dubbed the worm reportedly developed by the United States and Israel.”
Jim Finkle with Reuters added, “They found evidence Stuxnet 0.5 was in development as early as 2005, when Iran was still setting up its uranium enrichment facility, and the virus was deployed in 2007, the same year the Natanz facility went online. ‘It is really mind blowing that they were thinking about creating a project like that in 2005,’ Symantec researcher Liam O’Murchu told Reuters.”
Dark Reading’s Kelly Jackson Higgins noted, “There may even [be] other Stuxnet versions that predate 0.5, because there are signs of activity back in 2005 as well, when the attackers registered domain names for the attacks, [Symantec’s Liam] O’Murchu says. ‘This may not be first’ Stuxnet iteration, he says. ‘There’s a chance there could be an older version than this.’ The new timeline and malware version reveal how the attackers became increasingly aggressive in their attacks with the later versions of the malware, O’Murchu says. ‘As you go up through Version 1, you see more zero-day exploits being added,’ he says. Another puzzle it solves: Stuxnet was definitely based on the Flame/Flamer/TildeD malware platform, as many researchers had theorized, and the writers of those malware families are either one and the same or work closely together, he says.”
Ben Weitzenkorn with Fox News observed, “The 2007 variant was programmed to create physical damage to a specific uranium enrichment facility; it programmed valves and centrifuges to cause damage by creating improper amounts of pressure in the system. This earlier variant sheds more light on what, exactly, the worm was supposed to do. ‘Whether the attack succeeded in this manner or not remains unclear,’ Symantec said in its report. ‘Even if the attack did succeed, the attackers decided to switch to a different strategy, of attacking the speed of the centrifuges themselves instead, in Stuxnet 1.x versions.’”