What is Stuxnet? Explore how Stuxnet spread


Stuxnet: the first digital weapon

In January 2010, inspectors from the International Atomic Energy Agency visiting the Natanz nuclear plant in Iran noted that the centrifuges used to enrich uranium gas were failing at an alarming rate. Neither the Iranian technicians nor the inspectors could find the cause, though some suspected a computer virus.

Five months later, an apparently unrelated event occurred. A computer security firm from Belarus was called in to look for faults in a number of computers in Iran that kept shutting down and rebooting. This incident was linked to Iran's nuclear facilities. Again, no one could find the cause of the problem. The cause only became known when IT technicians found a handful of malicious files on one of the systems. They had found both the cause of the errors and the world’s first digital weapon.

What is Stuxnet?

Stuxnet is a highly sophisticated computer worm designed to target industrial control systems, specifically those integral to Iran’s nuclear program. Unlike typical malware, which aims to steal data or disrupt general operations, Stuxnet was engineered as a cyber weapon to cause physical damage to its targets. If you’re curious to discover more about how malware operates and its role in cyberattacks, check out our glossary on malware.

It is widely regarded as one of the most complex and advanced malware attacks in history. The consensus among cybersecurity experts is that Stuxnet was developed by the United States and Israel to thwart Iran’s nuclear ambitions by sabotaging its uranium enrichment processes.

Stuxnet: the world's first digital weapon

The cause of the failing centrifuges and computer systems later became known as Stuxnet. Unlike a computer virus that relies on an unwitting victim to install it, Stuxnet was a computer worm designed specifically to take over certain industrial control systems and cause the equipment powered by those systems to fail, while the systems sent false data to the system monitors indicating that the equipment was working fine.

Stuxnet targeted certain supervisory control and data acquisition (SCADA) systems manufactured by the German company Siemens AG. Industrial systems, previously thought to be secure, were shown to be vulnerable to sophisticated malware. SCADA systems typically control machinery used in power plants and similar installations.

More specifically, Stuxnet targeted only Siemens SCADA systems used in conjunction with frequency converters made by specific manufacturers in Finland and Iran and programmed to drive motors at very high speeds. This narrow combination indicated that Stuxnet was aimed at one very specific set of industrial control systems, namely those in nuclear facilities in Iran.

Investigations later showed that of the approximately 100,000 computers infected by Stuxnet at the end of 2010, around 60% were located in Iran.

Why was Stuxnet created? Targeting industrial control systems

Stuxnet is believed to have been in circulation since 2005. After the large-scale attack on Iranian nuclear facilities, speculation began about where Stuxnet originated. Many security analysts pointed to the US and Israel as the culprits. Both countries had for some time considered the threat posed by Iranian nuclear weapons to be particularly serious, and both had the means and expertise to plan and carry out such cyber attacks.

Officials from both countries refused to discuss the matter. Meanwhile, the Iranian government said a foreign virus had infected computers at some nuclear facilities, but had caused only minor problems. However, there was a consensus among experts that Iran’s problems were far from minor; many believed that the country’s nuclear programme may have suffered a serious setback.

After the attack, several institutes and news media reported that between 10 and 30% of Iran’s nuclear centrifuges were destroyed by Stuxnet. The malware specifically targeted the uranium enrichment facility at Natanz, manipulating industrial machinery and causing significant damage while remaining stealthy and undetected by operators.

History and development

The development of Stuxnet is believed to have begun in the mid-2000s, with the first versions of the worm being detected as early as 2007. The malware was meticulously crafted to target the Siemens Simatic WinCC SCADA system, a type of industrial control system used to oversee and manage industrial processes. By exploiting vulnerabilities in both the Windows operating system and Siemens software, Stuxnet was able to infiltrate these control systems undetected. This allowed it to spread stealthily and manipulate the industrial processes it was designed to disrupt.

The start of modern cyber warfare: a cyber weapon

Although it was impossible to verify the extent of Stuxnet’s damage, it was clear to cyber security experts that Iran had been subjected to a malware attack that was more sophisticated and damaging than any other documented attack.

By taking over and disrupting industrial processes in a significant part of Iran's nuclear power plant, Stuxnet proved to be a truly powerful cyber weapon. Stuxnet led to a significant escalation in state-sponsored hacking and in states’ capacity and willingness to engage in cyber warfare. If you want to learn more about how governments use cyberattacks as strategic tools, read about state-sponsored hacking here.

Stuxnet specifically targeted Microsoft Windows machines. Additionally, it infected computers linked to Siemens programmable logic controllers (PLCs), altering their programming to cause physical damage to centrifuges while simultaneously providing false feedback to operators, making it difficult to detect the ongoing sabotage until it was too late.
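The false feedback described above is the part of the attack a plant operator can actually defend against: readings that come from the same PLC that has been reprogrammed cannot be trusted on their own. The following added example (not code from the article or from any Stuxnet analysis) shows a simple plausibility monitor that cross-checks PLC-reported drive frequency against an independently wired measurement the PLC cannot influence, and also flags a feed that has gone unnaturally static while the physical channel still varies. All sensor values and thresholds are constructed for illustration.

```python
"""Plausibility check for PLC-reported telemetry (added example, constructed data).

Assumption: the plant has a second, independently wired measurement of drive
frequency (e.g. derived from a power meter) that is not routed through the PLC.
"""
from dataclasses import dataclass
from statistics import pstdev


@dataclass
class Sample:
    t: int            # seconds since window start
    plc_hz: float     # frequency the PLC/HMI reports to operators
    meter_hz: float   # frequency inferred from the independent meter


def check_window(samples, max_dev_hz=20.0, min_jitter_hz=0.05):
    """Return alert strings for one window of samples.

    Check 1 (divergence): a PLC value differs from the independent meter by
    more than max_dev_hz, so the operator display no longer matches reality.
    Check 2 (frozen feed): PLC values show near-zero variance while the
    physical channel varies, which is how a replayed "all normal" feed looks.
    """
    alerts = []
    for s in samples:
        if abs(s.plc_hz - s.meter_hz) > max_dev_hz:
            alerts.append(
                f"t={s.t}: PLC reports {s.plc_hz:.0f} Hz, meter {s.meter_hz:.0f} Hz"
            )
    plc_jitter = pstdev([s.plc_hz for s in samples])
    meter_jitter = pstdev([s.meter_hz for s in samples])
    if plc_jitter < min_jitter_hz <= meter_jitter:
        alerts.append("PLC feed is frozen while the physical channel varies")
    return alerts


# Constructed windows: nominal ~1000 Hz with small real jitter on both channels,
# versus a window where the real drive ramps up while the PLC keeps reporting nominal.
NORMAL = [Sample(t, 1000.0 + (t % 3) * 0.3, 1000.0 + (t % 3) * 0.3) for t in range(6)]
SPOOFED = [Sample(t, 1000.0, 1000.0 + t * 70.0) for t in range(6)]

if __name__ == "__main__":
    print("normal window:", check_window(NORMAL))
    for line in check_window(SPOOFED):
        print("spoofed window:", line)
```

The point is not the thresholds but the architecture: at least one measurement used for alarming must come from a path the controller cannot rewrite.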

Technical details

Stuxnet stands out due to its technical complexity and the use of multiple zero-day exploits—previously unknown vulnerabilities in software that are exploited before the developer has a chance to fix them. The malware was specifically designed to target industrial control systems, including those in nuclear power plants. It could manipulate these systems to cause physical damage, such as the destruction of centrifuges used in uranium enrichment. Stuxnet employed a combination of social engineering and technical exploits to infiltrate systems, spreading through USB drives, networks, and other vectors to reach its intended targets. If you’re curious about how zero-day vulnerabilities are exploited, learn more in our detailed explanation of zero-days.

Impact on industrial control systems

The impact of Stuxnet on industrial control systems was profound, particularly within Iran’s nuclear program. The worm was able to manipulate the control systems to cause significant physical damage, including the destruction of centrifuges critical to uranium enrichment. This attack not only set back Iran’s nuclear ambitions but also underscored the vulnerability of industrial control systems to cyber attacks. The incident led to a heightened awareness of the need for robust cybersecurity measures to protect these critical systems from similar threats in the future.

Cybersecurity implications

The Stuxnet attack served as a wake-up call for the importance of cybersecurity in protecting industrial control systems. It demonstrated that these systems are susceptible to sophisticated cyber attacks, with potentially severe consequences. The use of Stuxnet as a cyber weapon raised significant concerns about the role of cyber warfare in international conflicts and the risks posed to critical infrastructure. In response, there has been a substantial increase in investment in cybersecurity measures to safeguard industrial control systems. Additionally, there is a growing recognition of the need for international cooperation to prevent the use of cyber weapons and to protect critical infrastructure from such threats.

This post has been updated on 20-01-2025 by Sofie Meyer.

Author Sofie Meyer

About the author

Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master's degree in Danish and a great interest in cybercrime, which resulted in a master's thesis project on phishing.
