The Stuxnet virus came to light in 2010, having attacked Iranian nuclear facilities by hitting the programmable logic control automation systems that control them. The PLC system, manufactured by German conglomerate Siemens, runs the centrifuges used to enrich uranium at Iran’s Natanz facility. Variants of Stuxnet have affected the facility’s centrifuges in various ways, mostly by changing the activity of valves controlled by the PLC software that feed the uranium to centrifuges at a specific rate required for enrichment, Kaspersky said in several presentations last year.
It’s not known when Stuxnet began its activities, but researchers at anti-virus company Symantec said that they had gathered evidence that earlier versions of the code were already seen “in the wild” in 2005, although it wasn’t yet operational as a virus. Stuxnet, said Symantec, was the first virus known to attack national infrastructure projects, and according to the company, the groups behind Stuxnet were already seeking to compromise Iran’s nuclear program in 2007 — the year Iran’s Natanz nuclear facility, where much of the country’s uranium enrichment is taking place, went online.
Now that the plague has been unleashed, said Kaspersky, no one is immune — and that includes its originators, who are no longer in control of it. “There are no borders” in cyberspace, and no one should be surprised at any reports of a virus attack, no matter how ostensibly secure the facility, he said.