Continue your mission
The first known cyberweapon, a sophisticated worm that physically destroyed Iranian nuclear centrifuges and fundamentally changed the cybersecurity landscape.
Discovered in June 2010, Stuxnet was a highly sophisticated computer worm that targeted Iran's nuclear enrichment program at the Natanz facility. Widely attributed to a joint US-Israeli operation codenamed Olympic Games, Stuxnet was the first known cyberweapon designed to cause physical destruction to industrial infrastructure. The worm sabotaged uranium enrichment centrifuges by manipulating their rotational speeds while displaying normal readings to operators, destroying an estimated 1,000 centrifuges and setting Iran's nuclear program back by years.
Stuxnet spread through infected USB drives to bridge the air gap protecting the Natanz facility, then propagated across Windows networks using multiple zero-day exploits before reaching its target: Siemens Step 7 SCADA software controlling the centrifuge PLCs.
Stuxnet was unprecedented in its complexity. It exploited four Windows zero-day vulnerabilities simultaneously, used stolen digital certificates from Realtek and JMicron to sign its drivers, and contained two distinct payloads targeting specific Siemens S7-300 PLC configurations. The worm checked for the exact frequency converter models used at Natanz (made by Vacon and Fararo Paya) before activating.
The sabotage payload periodically altered centrifuge rotor speeds between 1,410 Hz and 2 Hz (normal operating speed was 1,064 Hz), causing mechanical stress and gas flow disruptions. Simultaneously, it replayed previously recorded normal operational data to the monitoring systems, creating a man-in-the-middle attack on the physical process. The worm included an infection counter limiting spread to three machines from each infected host and a termination date of June 24, 2012.
Stuxnet fundamentally changed the cybersecurity landscape by demonstrating that cyberattacks could cause physical destruction to critical infrastructure. It birthed the field of industrial control system (ICS) security, prompted nations worldwide to develop offensive and defensive cyber capabilities, and established cyber as a domain of warfare alongside land, sea, air, and space. The operational technology security industry traces its modern urgency directly to Stuxnet's revelation that air-gapped industrial systems were not immune to cyber threats.
CDA Theater missions that address topics covered in this article.
The Enigma machine was an electro-mechanical cipher device used primarily by Nazi Germany during World War II to encrypt military communications.
On November 2, 1988, a Cornell University graduate student named Robert Tappan Morris released a self-replicating computer program onto the ARPANET, the research network that would become the public internet.
Written by CDA Editorial
Found an issue? Help improve this article.