FINAL WORD
be controlled remotely by attackers.
Physical impact: None, although it is reported that attackers exfiltrated operational blueprints for SCADA systems and even collected data.
2010: Stuxnet was a computer worm found spying on and reprogramming industrial systems at Iran’s Natanz nuclear facility. It intercepted and altered data sent to a Programmable Logic Controller (PLC).
Physical impact: Destroyed a fifth of Iran’s nuclear centrifuges.
2014: The next two viruses were found in the wild in 2014, but no reports were received from the impacted organizations.
Havex was distributed as trojanised SCADA software downloads from compromised vendor websites. It scanned the local network for servers that collect data from industrial equipment and sent the collected data to a command and control server. Here, the hackers’ motivations were data theft and spying.
Physical impact: None
Blacken was found on a command and control server of an existing botnet. It targets users of the SCADA software GE Cimplicity and installs executables in the software’s home directory. Some of these executables are bots that can be commanded remotely. It also references Cimplicity design files, but their exact use is not yet understood.
Physical impact: No reported cases
Last but not least, according to a report by the German Federal Office of Information Security (BSI), a targeted attack on the computer network of a German steel mill in 2014 resulted in massive damage. The attackers used spear-phishing e-mails and sophisticated social engineering to gain access to the steel mill’s office network, and from there reached the production network.
The report describes their technical
www.intelligentcio.com
ABOUT
Ruchna Nigam is a malware researcher
at FortiGuard Labs, the Threat Research
and Response division of Fortinet. On
a daily basis she works on the reverse
eng