Iran Responds to New “Stuxnet-Like” Cyber Attack
The ongoing cyber war in Iran appears to have taken another turn in recent days as the state media in that country is airing reports of a new attack against industrial computers in the southern area of Hormuzgan Province.
The thing is, Iranian media, all state-controlled, can’t seem to get their story quite straight on how the government has responded. First there were reports — citing local civil defense officials — that “skilled hackers” helped the country repel and ultimately foil the attack. Later, local reports tracked by Agence France-Press walked back from that version of events.
Whatever the response, the description of the attack describes a new “Stuxnet-like” Trojan, without going into further detail about its capabilities or behavior. If indeed it is a new incidence, the security research firms like Kasperksy and Sophos will be all over it, though they haven’t yet done so.
Stuxnet, you’ll recall, was the super-worm that infected pretty much any and all versions of Microsoft Windows and searched for a specific set of industrial control computers known as Programmable Logic Controllers made by the German industrial giant Siemens. The target was an installation in Iran. Once found, the worm seized control of nuclear centrifuges and made them spin out of control and explode while indicating on screens monitored by plant workers that conditions were otherwise normal. While the U.S. and Israel never officially took credit for the effort, all the clues about its existence pointed to them.
The local reports say the attack occurred within the “last few months,” but it is the second attack in that country brought to public attention in December. Earlier this month, Iran’s Computer Emergency Response Team announced that it had detected a relatively simple Trojan that deletes hard drive partitions on certain dates of the year.
Throughout the year, other bits of malware have been discovered harassing Iranian systems, including Gauss, Flame and Duqu before them. All of them are difficult to trace back to an original attacker, but like the drone strikes against suspected terrorists often said to be carried out by the CIA, the number of interested parties with the required capabilities are few.