Stuxnet, the cyber superweapon that purportedly damaged an Iranian nuclear facility, was slinking through cyberspace years earlier than previously thought, according to a new cyber security report.
Researchers at Symantec, one of the firms that analyzed Stuxnet when it was first discovered “in the wild” in 2010, said in a new white paper that a previously unknown variant of Stuxnet, called Stuxnet 0.5, was operational between 2007 and 2009 and may have been operating as early as 2005. Researchers had previously believed Stuxnet was created in 2009.
At the time of Stuxnet’s discovery, it was deemed by cyber security analysts one of the most complex and sophisticated cyber weapons in history, the product of years of coding and possibly millions in funding – likely from a nation-state.
No government has publicly taken responsibility for Stuxnet, but The New York Times reported it was one attack in a wave of cyber operations launched by the U.S. and Israel against Iran. The Times report said that the cyber campaign, codenamed Olympic Games, began under President George W. Bush but was “accelerated” under orders from President Obama after he took office in 2009.
Symantec said the date that Stuxnet 0.5 was designed to stop infecting computers was July 4, 2009, America’s Independence Day. A newer version of Stuxnet, called Stuxnet 1.001, had appeared on the scene just a few days beforehand and continued operating after 0.5 called it quits.
Compared to 0.5, later versions “significantly increased their spreading capability and use of vulnerabilities” and “adopted an alternative attack strategy” that targeted spinning centrifuges in the Iranian facility rather than “uranium enrichment valves,” Symantec said.