Malware Targets Uranium Enrichment Facility

Event Year: 2010 Reliability: Confirmed
Country: Iran
Industry Type: Power and Utilities

Anti-virus specialists in Belarus discovered a worm, known as Stuxnet, that propagates by exploiting a previously unknown Windows vulnerability.  Once the machine is infected, a Trojan looks to see if the computer is running Siemens’ Simatic WinCC or PCS 7 software. The malware then automatically uses a default password that is hard-coded into the software to access the control system’s Microsoft SQL database. The password has been available on the Internet for several years.  An estimated 10,000 machines, mostly in US, Iran, Iraq and Indonesia, reported infections within the first week. 

Iranian sources confirmed that the Stuxnet malworm shut down uranium enrichment at Natanz for a week from Nov. 16 to 22, 2010.  The centrifuge spinning speed was fluctuating without the monitors detecting any malfunction.  The International Atomic Energy Agency (IAEA) director, Yukiya Amano, reported the shutdown to the IAEA board in Vienna on Tuesday, Nov. 23, 2010. The Director of Iran’s Nuclear Energy Commission, Ali Akbar Alehi, said “Fortunately, the nuclear Stuxnet virus has faced a dead end”.


Uranium enrichment was shut down for at least one week in November 2010.

Action Description: This incident largely remains under investigation at this time