The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: stuxnet

This 'Killer USB' can make your Computer explode

This 'Killer USB' can make your Computer explode

March 12, 2015Swati Khandelwal
Can Hackers turn a remote computer into a bomb and explode it to kill someone, just like they do in hacker movies? Wait, wait! Before answering that, Let me tell you an interesting story about Killer USB drive: A man walking in the subway stole a USB flash drive from the outer pocket of someone else's bag. The pendrive had "128" written on it. After coming home, he inserted the pendrive into his laptop and instead discovering any useful data, he burnt half of his laptop down. The man then took out the USB pendrive, replaced the text "128" with "129" and put it in the outer pocket of his bag… Amen! I’m sure, you would really not imagine yourself being the 130th victim of this Killer perdrive, neither I. This above story was told to a Russian researcher, nicknamed Dark Purple, who found the concept very interesting and developed his own computer-frying USB Killer pendrive. He is working with electronic manufacturing company from where
Microsoft patches Stuxnet and FREAK Vulnerabilities

Microsoft patches Stuxnet and FREAK Vulnerabilities

March 11, 2015Swati Khandelwal
Microsoft has come up with its most important Patch Tuesday for this year, addressing the recently disclosed critical the FREAK encryption-downgrade attack , and a separate five-year-old vulnerability leveraged by infamous Stuxnet malware to infect Windows operating system. Stuxnet malware , a sophisticated cyber-espionage malware allegedly developed by the US Intelligence and Israeli government together, was specially designed to sabotage the Iranian nuclear facilities a few years ago. First uncovered in 2010, Stuxnet targeted computers by exploiting vulnerabilities in Windows systems. Thankfully, Microsoft has issued a patch to protect its Windows machines that have been left vulnerable to Stuxnet and other similar attacks for the past five years. The fixes are included in MS15-020 which resolves Stuxnet issue. The company has also issued an update that patches the FREAK encryption vulnerability in its SSL/TSL implementation called Secure Channel (Schannel). The fix
'Regin' - 'State-Sponsored' Spying Tool Targeted Govts, Infrastructures for Years

'Regin' - 'State-Sponsored' Spying Tool Targeted Govts, Infrastructures for Years

November 24, 2014Swati Khandelwal
Researchers have uncovered a highly advanced, sophisticated piece of malware they believe was used to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. The nasty malware, dubbed "Regin" , is said to be more sophisticated than both Stuxnet and Duqu , according to the researchers at antivirus software maker Symantec Corp. DEVELOPED BY NATION STATE The research showed that the Regin malware is believe to be developed by a wealthy "nation state" and is a primary cyber espionage tool of a nation state because of the financial clout needed to produce code of this complexity with several stealth features to avoid detection. But, the antivirus software maker didn't identify which country was behind it. "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabili
Dragonfly Russian Hackers Target 1000 Western Energy Firms

Dragonfly Russian Hackers Target 1000 Western Energy Firms

July 02, 2014Swati Khandelwal
Gone are the days when cyber criminals focuses only on PCs to spread malwares and target people, whether it’s ordinary or a high profile person. Nowadays, organizations in the energy sector have become an interesting target for cyber minds. Few days ago, security researchers uncovered a Stuxnet-like malware, “ Havex ”, which was also programmed to infect industrial control system software of SCADA systems , with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even shut down a country’s power grid with a single keystroke. RUSSIAN HACKERS HIT 1000 ENERGY FIRMS Recently, a Russian group of hackers known as ' Energetic Bear ' has compromised over 1,000 European and North American energy firms with a sophisticated cyber weapon, similar to Stuxnet, that gave hackers access to power plant control systems, said a security firm. The group of hackers also known as ' Dragonfly ', an eastern European collective that has been active since
Stuxnet-like 'Havex' Malware Strikes European SCADA Systems

Stuxnet-like 'Havex' Malware Strikes European SCADA Systems

June 26, 2014Swati Khandelwal
Security researchers have uncovered a new Stuxnet like malware, named as “ Havex ”, which was used in a number of previous cyber attacks against organizations in the energy sector. Just like Famous Stuxnet Worm , which was specially designed to sabotage the Iranian nuclear project, the new trojan Havex is also programmed to infect industrial control system softwares of SCADA and ICS systems, with the capability to possibly disable hydroelectric dams, overload nuclear power plants, and even can shut down a country’s power grid with a single keystroke. According to security firm F-Secure who first discovered it as Backdoor:W32/Havex.A. , it is a generic remote access Trojan ( RAT ) and has recently been used to carry out industrial espionage against a number of companies in Europe that use or develop industrial applications and machines. SMARTY PANTS, TROJANIZED INSTALLERS To accomplish this, besides traditional infection methods such as exploit kits and spam emails,
Rogue software update cause Malware attack on Japanese Nuclear Power Plant

Rogue software update cause Malware attack on Japanese Nuclear Power Plant

January 10, 2014Wang Wei
The most critical and worst target of a State-sponsored cyber-attack s could be Hospitals, Dams, Dykes and Nuclear power stations and this may cause military conflicts between countries. According to Japan Today , The Monju nuclear power plant in Tsuruga, Japan was accidentally targeted by a malware on 2nd January, when a worker updated the system to the latest version of the video playback program. Monju Nuclear Plant  is a sodium-cooled fast reactor, was launched in April 1994. It has not been operational for most of the past 20 years, after an accident in which a sodium leak caused a major fire. Employees over there are only left with a regular job of company's paperwork and maintenance. So the malware could have stolen only some sensitive documents, emails, training records and employees' data sheets. The Malware command-and-control server suspected to be from South Korea. The malware itself is not much sophisticated like Stuxnet  or Duqu, but the unmanaged software u
Super 'Stuxnet' Malware development in progress to destroy Iran’s nuclear program

Super 'Stuxnet' Malware development in progress to destroy Iran’s nuclear program

December 03, 2013Swati Khandelwal
Saudi Arabia and Israel’s Mossad intelligence division are reportedly collaborating to develop a computer worm more destructive than the Stuxnet malware to spy on and destroy the software structure of Iran’s nuclear program. The Iranian Fars news agency has reported : “ Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel’s Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on November 24 to increase the two sides’ cooperation in intelligence and sabotage operations against Iran’s nuclear program. ”  “ One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet to spy on and destroy the software structure of Iran’s nuclear program ,” But Why ? The report claims that Saudi Arabia and Israel were not particularly happy with the deal between between Iran and the Group 5+1 (the US, Russia, China, France and Britain plus Germany) and Israel has dubbed the deal as “ historic mista
Stuxnet also infected the internal network of a Russian nuclear plant

Stuxnet also infected the internal network of a Russian nuclear plant

November 10, 2013Anonymous
We have a lot of information on Stuxnet virus, a powerful malware that for the first time has shown to governments the capabilities and efficiency of a cyber weapon. Eugene Kaspersky, CEO of Kasperky security firm revealed that Stuxnet had badly infected the internal network of a Russian nuclear plant, according to the information he obtained from an unnamed staffer at the Nuclear Plant. " So unfortunately these people who were responsible for offensive technologies, they recognize cyber weapons as an opportunity ." Kaspersky said. During a presentation given at the Canberra Press Club, Kaspersky provided an excellent overview on the security of cyberspace, in particular highlighting the effect of the activities of state-sponsored espionage and cyber crime. " All the data is stolen, " Kaspersky said. " At least twice ." The malware Stuxnet is widely considered to have been developed by the US Government in a joint work with Israel c
Malware infected International Atomic Energy Agency Computers

Malware infected International Atomic Energy Agency Computers

October 22, 2013Wang Wei
Hackers and malware are everywhere, waiting for you around every corner of the Internet. The International Atomic Energy Agency (IAEA) , which holds highly sensitive information and plays a key role in global efforts to prevent the spread of nuclear weapons, said on Tuesday that some of its computers were infected by malicious software, during the past several months. Malware can typically be used by cyber-attackers to gain remote access to systems, or to steal data, however spokesman Serge Gas said . " No data from the IAEA network has been affected ." The computers were located in common areas of the agency's Vienna headquarters, known as the Vienna International Centre (VIC). A third-party technician or visitor with the USB-drive infected with crimeware can be used to infect the system. " The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further " he said. Last November, the IAEA rev
World War C report - Motives behind State Sponsored Cyber Attacks

World War C report - Motives behind State Sponsored Cyber Attacks

October 03, 2013Anonymous
Nation-state driven cyber attacks are routinely conducted on a global scale to defend national sovereignty and project national power. We are living in the cyber era, human conflict is involving also the fifth domain of warfare , the cyberspace . As never before disputes take place with blows of bits, militias of every government are developing cyber capabilities dedicating great effort for the establishment of cyber units . Network security company, FireEye, has released a report titled " World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks " which describes the effort spent by governments in cyber warfare context, the document analyzes in detail the different approaches adopted by various countries in conducting nation-state driven cyber attacks . Security experts highlight the intensification of state-sponsored attacks for both cyber espionage and sabotage purpose, campaigns such as Moonlight Maze and Titan Rain or the destruc
Snowden Confirms Stuxnet Malware developed by NSA and Israel Together

Snowden Confirms Stuxnet Malware developed by NSA and Israel Together

July 08, 2013Mohit Kumar
In an interview with Germany’s Der Spiegel Magazine, American whistleblower Edward Snowden has Confirmed that Stuxnet Malware was developed by NSA and Israel Together. Stuxnet made international headlines in 2010 for specifically target a uranium enrichment facility in Natanz, Iran. Stuxnet was designed to make the centrifuges spin out of control and cause physical damage to the plant in Natanz. Stuxnet temporarily disabled 1,000 centrifuges that the Iranians were using to enrich uranium. Asked whether the NSA collaborates with Israel, Snowden said: " Yes, all the time. The NSA has a large section for that, called the FAD - Foreign Affairs Directorate. "  “ The NSA and Israel wrote Stuxnet together, ” Snowden said when asked if the NSA had any involvement in the Stuxnet program. Last year an even more complex computer virus called Flame was discovered and while initially it was not linked to Stuxnet, further investigation by Kaspersky Labs identified a
Microsoft flaw allows USB loaded with payload to bypass security controls

Microsoft flaw allows USB loaded with payload to bypass security controls

March 15, 2013Wang Wei
During  March Patch Tuesday of 2013 , Microsoft released seven new security bulletins, with four rated as critical, and others as Important. Most interesting one was MS13-027 , which is rated as "important" because the attack requires physical access to the vulnerable machine. This flaw allows anyone with a USB thumb drive loaded with the payload to bypass security controls and access a vulnerable system even if AutoRun is disabled, and the screen is locked. Flaw exposes your Windows PCs to major risk. If you remember Stuxnet, worm was injected to Iran's nuclear program system using USB thumb drive. Windows typically discovers USB devices when they are inserted or when they change power sources (if they switch from plugged-in power to being powered off of the USB connection itself). To exploit the vulnerability an attacker could add a maliciously formatted USB device to the system. When the Windows USB device drivers enumerate the device, parsing a speciall
Stuxnet 0.5 : Symantec study reveals Stuxnet was dated 2005

Stuxnet 0.5 : Symantec study reveals Stuxnet was dated 2005

February 27, 2013Anonymous
Today social media are spreading a shocking news, authors of Stuxnet virus that hit Iranian nuclear program in 2010 according a new research proposed by Symantec security company started in 2005 and contrary to successive instance of the malware he was designed to manipulate the nuclear facility’s gas valves. The attacker strategy was to destroy the nuclear plant causing an explosion due the sabotage of gas valves, hackers purpose was physical destruction of the targets, due this reason the press and security community labeled Stuxnet as first cyber weapon of the history.  Francis deSouza, Symantec’s president of products and services, during an interview with Bloomberg revealed that the version detected was a sort of beta version of the final weapon and that in the period between 2005 and 2009 the authors were testing its capabilities. “ It looks like now the weapon tried a few things before it hit on what would actually work ,”‘ “ It is clear that this has been a soph
Stuxnet is Back ! Iran reported another cyber attack

Stuxnet is Back ! Iran reported another cyber attack

December 26, 2012Wang Wei
Iran claims to have repelled a fresh cyber attack on its industrial units in a southern province. In the last few years, various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be designed and staged by the US and Israel . A power plant and other industries in southern Iran have been targeted by the Stuxnet computer worm , an Iranian civil defense official says. Iran's news agency reported that the worm attacked the Culture Ministry's Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam. This recent Stuxnet attack was successfully defeated, according to local Iranian civil defense chief Ali Akbar Akhavan. " We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers ," Akhavan said. The sophisticated worm spreads via USB drives and through four previously
Batchwiper malware, new virus targets Iranian computers

Batchwiper malware, new virus targets Iranian computers

December 18, 2012Mohit Kumar
Iranian CERT is sounding the alarm over another bit of data-deleting malware it's discovered on PCs in the country. Dubbed Batchwiper , the malware systematically wipes any drive partitions starting with the letters D through I Drive, along with any files stored on the Windows desktop of the user who is logged in when it's executed Why naming Batchwiper ?  The name was chosen because the malware is packed in a batch file. The malware initiates its data wiping routine on certain dates, the next one being Jan. 21 2013. However, the dates of Oct. 12, Nov. 12 and Dec. 12, 2012, were also found in the malware's configuration, suggesting that it may have been in distribution for at least two months. GrooveMonitor.exe is the original dropper, which is a self-extracting RAR file, once executed it extracts the following files: -- \WINDOWS\system32\SLEEP.EXE, md5: ea7ed6b50a9f7b31caeea372a327bd37 -- \WINDOWS\system32\jucheck.exe, md5: c4cd216112cbc5b8c046934843c579f6 -- \WIND
Hunting vulnerabilities in SCADA systems, we are still too vulnerable to cyber attacks

Hunting vulnerabilities in SCADA systems, we are still too vulnerable to cyber attacks

December 17, 2012Anonymous
Stuxnet case is considered by security expert the first concrete act of cyber warfare, a malware specifically designed to hit SCADA systems inside nuclear plants in Iran. The event has alerted the international security community on the risks related to the effects of a cyber attack against supervisory control and data acquisition in industrial environment.  SCADA systems are adopted practically in every industrial control system (ICS) used for the control and monitor of industrial processes that are potential targets of a cyber attack such as a critical infrastructures or a utility facilities. Manufacturing, production, power generation, water treatment facilities, electrical power transmission and distribution and large communication systems are all considered critical asset for every countries and represent privileged targets for cyber attacks. Obtain access to SCADA systems is fundamental step for a attackers that desires to compromise the controlled processes and contrary to
Narilam malware target Iran Financial SQL Databases

Narilam malware target Iran Financial SQL Databases

November 27, 2012Mohit Kumar
Symantec recently identified a database-corrupting piece of malware targeting systems mostly in Iran, but despite early speculation that it could be related to the likes of Stuxnet and Flame, it appears to be targeting small businesses rather than the country’s infrastructure. Malware Dubbed W32.Narilam , is predominantly active in the Middle East, and it has also been detected in the USA and UK. The worm looks for particular words in Microsoft SQL databases and overwrites them. The worm specifically targets SQL databases with three distinct names, alim, maliran, and shahd. Once the targeted databases are found, Narilam looks for specific objects and tables and either deletes the tables or replaces items with random values. On Monday an alert was published on tarrahsystem.com warning of the W32.Narilam threat to its customers. The bulk of the infections thus far have been found in the Middle East, particularly Iran and Afghanistan. Kaspersky Lab took issue with repo
Stuxnet virus also infected Chevron's IT network

Stuxnet virus also infected Chevron's IT network

November 09, 2012Mohit Kumar
Stuxnet , a sophisticated computer virus created by the United States and Israel, to spy on and attack Iran’s nuclear enrichment facilities in Natanz also infected Chevron ’s network in 2010, immediately after it spread into the wild. This Government created virus Now Infecting Corporations also. Chevron oil giant found the virus in its systems after the malware' s existence was first reported in a blog post in July 2010, according to Mark Koelmel, general manager of the earth-sciences department at the big U.S. oil company. The U.S. government has never officially acknowledged the Stuxnet program. Stuxnet  which was designed to attack computer systems designed by German industrial giant Siemens for managing water supplies, oil rigs, power plants and other critical infrastructure has turned up in other countries. According to the Wall Street Journal, Chevron's experience with Stuxnet appears to be the result of the malware's unintentional release into cybers
Israel preparing their Cyber Army under Unit 8200

Israel preparing their Cyber Army under Unit 8200

November 05, 2012Mohit Kumar
The Israeli military has set plans to boost its cyber warfare capabilities with a better Cyber Army by expand its Unit 8200. " It has become clear that the demand for soldiers in this field is growing, which is why we're searching for solutions not only in Israel but abroad as well ," a top officer in the Manpower Directorate. Unit 8200, Israel’s equivalent to the NSA, is undergoing a massive expansion. The U.S. Army ad slogan may be: “ The Army needs a few good men .” But IDF Unit 8200′s slogan is: “ The IDF needs a few good hackers .” Actually not a few, more like hundreds if not thousands. The disclosure comes amid recent reports that the Israeli army is working to enhance its cyber-warfare abilities. Military intelligence chief Maj.-Gen. Aviv Kochavi is slated to invest 2 billion shekels (525 million U.S. dollars) to that end in the coming years. " The military officials are tasked to track “young computer geniuses” and persuade them to immigrate to Israel for
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.