Stuxnet
What is Stuxnet?
Stuxnet: A highly sophisticated 2010 worm that sabotaged Iran's uranium-enrichment centrifuges by reprogramming Siemens PLCs, widely attributed to the United States and Israel.
Stuxnet is the canonical example of an ICS cyber-weapon: a worm publicly disclosed in 2010 and widely attributed to the U.S.-Israeli "Olympic Games" program. It targeted Siemens S7-300/S7-400 PLCs at Iran's Natanz uranium-enrichment facility, manipulating variable-frequency drive set-points to damage centrifuges while replaying normal data to operators. It used at least four Windows zero-days, stolen Realtek and JMicron code-signing certificates, USB-based propagation, and a tightly targeted payload that only activated against specific PLC programs and hardware. Stuxnet proved that purely digital code could cause physical destruction and reshaped the field of OT security, inspiring defensive standards such as IEC 62443 and a new generation of ICS threat research.
● Examples
- 01: Reprogramming Siemens S7 PLCs to alter centrifuge rotor speeds while spoofing normal readings to the HMI.
- 02: Spreading inside an air-gapped network through infected USB drives.
● Frequently asked questions
What is Stuxnet?
A highly sophisticated 2010 worm that sabotaged Iran's uranium-enrichment centrifuges by reprogramming Siemens PLCs, widely attributed to the United States and Israel. It belongs to the OT / ICS / IoT category of cybersecurity.
How do you defend against Stuxnet?
Defences against Stuxnet typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Stuxnet?
Common alternative names include: Stuxnet worm, Olympic Games (operation).
● Related terms
- Programmable Logic Controller (PLC) (ot-iot, № 864)
  A ruggedized industrial computer that executes deterministic control logic to read sensors and drive actuators in real-time processes.
- Industrial Control System (ICS) (ot-iot, № 529)
  An umbrella term for systems that automate and supervise industrial processes, including SCADA, DCS, PLCs, RTUs, and safety controllers.
- Operational Technology (OT) (ot-iot, № 762)
  Hardware and software that monitor and control physical processes, devices, and infrastructure such as factories, power plants, and utilities.
- TRITON / TRISIS (ot-iot, № 1174)
  Malware discovered in 2017 that targeted Schneider Triconex Safety Instrumented Systems at a Saudi petrochemical plant, attributed to a Russia-linked actor.
- Industroyer / CrashOverride (ot-iot, № 530)
  Modular ICS malware used in the 2016 Ukraine power-grid attack and updated as Industroyer2 in 2022, capable of speaking native grid protocols to trip substations.
- Air-Gapped Network (ot-iot, № 038)
  A network that is physically and logically isolated from other networks, especially the internet, to protect highly sensitive systems such as ICS, classified networks, or vaults.
● See also
- № 972 SCADA
- № 387 Equation Group