Categories: SecurityWorkspace

Siemens Patches Stuxnet Flaws Even Though Super-Virus Is Dead

Siemens has patched vulnerabilities that were used by the notorious Stuxnet worm to disrupt Iranian nuclear enrichment projects in 2010.

The flaws were in Siemens software known as Simatic STEP7 and Simatic WinCC software. Siemens said the vulnerabilities dated back to 2010, although it did not mention Stuxnet in its advisories.

Stuxnet was believed to have set back Iranian nuclear progress by two years by interfering with processing plants. It was capable of four exploits – something unprecedented at the time it was discovered – and targeted Siemens SCADA equipment, used in industrial facilities to automate production processes.

Past its ‘kill date’

Yet the worm, which is believed to have been created by the US and Israeli governments, has officially gone out of operation. It had a “kill date” of 24 June, meaning it has stopped spreading.

Siemens patches may have taken time and are now redundant when it comes to protecting against Stuxnet, but they could help prevent infections of similarly sophisticated malware in the future.

Meanwhile, F-Secure’s chief research officer, Mikko Hypponen, has reported on fresh complaints from Iran that its nuclear systems have been targeted by another cyber attack. Hypponen received emails from a scientist working at the Atomic Energy Organization of Iran (AEOI), claiming the popular hacking tool Metasploit had been used to penetrate systems and the attackers had access to the body’s VPN.

“I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom,” one message read.

“There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.”

Hypponen said he could not confirm any of the details. “However, we can confirm that the researcher was sending and receiving emails from within the AEOI,” he added.

Are you a security geek? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago