Tag Archive: Stuxnet


Researchers Uncover Government Spy Tool Used To Hack Telecoms And Belgian Cryptographer

 

 

Regin-Architecture

 

 

” It was the spring of 2011 when the European Commission discovered it had been hacked. The intrusion into the EU’s legislative body was sophisticated and widespread and used a zero-day exploit to get in. Once the attackers established a stronghold on the network, they were in for the long haul. They scouted the network architecture for additional victims and covered their tracks well. Eventually, they infected numerous systems belonging to the European Commission and the European Council before being discovered.

  Two years later another big target was hacked. This time it was Belgacom, the partly state-owned Belgian telecom. In this case, too, the attack was sophisticated and complex. According to published news reports and documents leaked by Edward Snowden, the attackers targeted system administrators working for Belgacom and used their credentials to gain access to routers controlling the telecom’s cellular network. Belgacom publicly acknowledged the hack, but has never provided details about the breach.

  Then five months after that announcement, news of another high-profile breach emerged—this one another sophisticated hack targeting prominent Belgian cryptographer Jean-Jacques Quisquater. “

 

 

 

 

 

” Now it appears that security researchers have found the massive digital spy tool used in all three attacks. Dubbed “Regin” by Microsoft, more than a hundred victims have been found to date, but there are likely many others still unknown. That’s because the espionage tool—a malicious platform capable of taking over entire networks and infrastructures—has been around since at least 2008, possibly even earlier, and is built to remain stealth on a system for years.

  The threat has been known since at least 2011, around the time the EU was hacked and some of the attack files made their way to Microsoft, who added detection for the component to its security software. Researchers with Kaspersky Lab only began tracking the threat in 2012, collecting bits and pieces of the massive threat. Symantec began investigating it in 2013 after some of its customers were infected. Putting together information from each, it’s clear the platform is highly complex and modulated and can be customized with a wide range of capabilities depending on the target and the attackers’ needs. Researchers have found 50 payloads so far for stealing files and other data, but have evidence that still more exist.

“ It’s a threat that everyone has detected for some time, but no one has exposed [until now],” says Eric Chien, technical director of Symantec’s Security Technology and Response division.

  The researchers have no doubt that Regin is a nation-state tool and are calling it the most sophisticated espionage machine uncovered to date—more complex even than the massive Flame platform, uncovered by Kaspersky and Symantec in 2012 and crafted by the same team who created Stuxnet. “

 

The whole story may be read at Wired

 

 

 

 

 

 

 

 

 

Stuxnet: UK And US Nuclear Plants At Risk As Malware Spreads Outside Russia

 

 

 

 

” Security experts have warned the notorious Stuxnet malware has likely infected numerous power plants outside of Russia and Iran.

Experts from FireEye and F-Secure told V3 the nature of Stuxnet means it is likely many power plants have fallen victim to the malware, when asked about comments made by security expert Eugene Kaspersky claiming at least one Russian nuclear plant has already been infected.

“[The member of staff told us] their nuclear plant network, which was disconnected from the internet […] was badly infected by Stuxnet,” Kaspersky said during a speech at Press Club 2013.

Stuxnet is sabotage-focused malware that was originally caught targeting Windows systems in Iranian nuclear facilities in 2010. The malware is believed to originally have been designed to target only the Iranian nuclear industry, but subsequently managed to spread itself in unforeseen ways.

F-Secure security analyst Sean Sullivan told V3 Stuxnet’s unpredictable nature means it has likely spread to other facilities outside of the plant mentioned by Kaspersky.

It didn’t spread via the internet. It spread outside of its target due to a bug and so it started traveling via USB. Given the community targeted, I would not be surprised if other countries had nuclear plants with infected PCs,” he said.”

 

 

Here is a very thorough and detailed article for those readers interested in learning more about the history of Stuxnet .

 

Illlustration "How Stuxnet Worked"

 

 

” Computer cables snake across the floor. Cryptic flowcharts are scrawled across various whiteboards adorning the walls. A life-size Batman doll stands in the hall. This office might seem no different than any other geeky workplace, but in fact it’s the front line of a war—a cyberwar, where most battles play out not in remote jungles or deserts but in suburban office parks like this one. As a senior researcher for Kaspersky Lab, a leading computer security firm based in Moscow, Roel Schouwenberg spends his days (and many nights) here at the lab’s U.S. headquarters in Woburn, Mass., battling the most insidious digital weapons ever, capable of crippling water supplies, power plants, banks, and the very infrastructure that once seemed invulnerable to attack.

Recognition of such threats exploded in June 2010 with the discovery of Stuxnet, a 500-kilobyte computer worm that infected the software of at least 14 industrial sites in Iran, including a uranium-enrichment plant. Although a computer virus relies on an unwitting victim to install it, a worm spreads on its own, often over a computer network.

This worm was an unprecedentedly masterful and malicious piece of code that attacked in three phases. First, it targeted Microsoft Windows machines and networks, repeatedly replicating itself. Then it sought out Siemens Step7 software, which is also Windows-based and used to program industrial control systems that operate equipment, such as centrifuges. Finally, it compromised the programmable logic controllers. The worm’s authors could thus spy on the industrial systems and even cause the fast-spinning centrifuges to tear themselves apart, unbeknownst to the human operators at the plant. (Iran has not confirmed reports that Stuxnet destroyed some of its centrifuges.)”

 

 

Further reading :

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

Confirmed: US and Israel created Stuxnet, lost control of it

The History of Stuxnet: Key Takeaways

Stuxnet: Anatomy of a Computer Virus on Vimeo

 

 

 

 

 

 

 

 

International Space Station Infected With USB Stick Malware Carried on Board by Russian Astronauts

 

 

” Renowned security expert Eugene Kaspersky reveals that the International Space Station was infected by a USB stick carried into space by a Russian astronaut.

Russian security expert Eugene Kaspersky has also told journalists that the infamous Stuxnet had infected an unnamed Russian nuclear plant and that in terms of cyber-espionage “all the data is stolen globally… at least twice.”

Kaspersky revealed that Russian astronauts carried a removable device into space which infected systems on the space station. He did not elaborate on the impact of the infection on operations of the International Space Station (ISS). 

Kaspersky said he had been told that from time to time there were “virus epidemics” on the station.”