Stuxnet is Back! No, news agencies have misunderstood

Every time news related to Stuxnet spreads on the Internet, the worldwide security community immediately writes about cyber war and the possible consequences of cyber attacks, but what really happened this time?

Iranian authorities claim to have repelled a new cyber attack against industrial units located in the south of the country, but this is nothing new, because Iran and its infrastructure have been hit by different cyber offensives in recent years.

Many security experts and journalists name the governments of the US and Israel as the authors of the dangerous cyber weapon Stuxnet, a concentrated effort to create malware able to interfere with the Iranian government's nuclear program.

Several years after its discovery, the Stuxnet virus has hit a power plant and other industries in southern Iran, according to a declaration by an Iranian civil defense official.

Iranian news agency Fars revealed that Stuxnet-like malware attacked the Culture Ministry’s Headquarters for Supporting and Protecting Works of Art and Culture and was reportedly sent from Dallas via switches in Malaysia and Vietnam.

The Iranian Students’ News Agency confirmed that the country’s Passive Defense Organization had detected a computer virus offensive that hit an electric utility, the Bandar Abbas Tavanir Co, and other unspecified manufacturing industries in southern Hormozgan Province, home to a large oil refinery and container port in the provincial capital of Bandar e Abbas.

But Stuxnet is well-known malware, and the Iranian government detected it successfully, preventing it from spreading inside the country's networks. The chief of the Passive Defense Organization’s provincial branch, Ali Akbar Akhavan, commented on the event with the following statement:

“We were able to prevent its expansion owing to our timely measures and the cooperation of skilled hackers,”

Akhavan added that the malware was “Stuxnet-like”.

There is currently no reliable information on the extent of any damage to structures, and the real nature of the attacks is also unknown. According to some cyber security specialists, the attacks could be a response by the US and Israel to the cyber offensives that hit US financial institutions and the Saudi Arabian oil industry, but sincerely speaking I believe that we are facing an ordinary and planned offensive that is totally independent of other events.

Iran is a privileged cyber target and events like this are very common; I don’t understand the real motivation for the use of Stuxnet-like malware, a cyber threat that could hardly produce the desired effects given its past.

But … a few hours later the scenario totally changed; the same Ali Akbar Akhavan clarified:

“At a press conference we announced readiness to confront cyber attacks against Hormuzgan installations, which was mistakenly reported by the agencies as a cyber attack having been foiled,”  

Yet earlier on Tuesday, the ISNA news agency had quoted him as saying:

“A virus had penetrated some manufacturing industries in Hormuzgan province, but its progress was halted with … the cooperation of skilled hackers.”

What really happened? Did news agencies create a non-case?

We’re probably facing the nth propaganda campaign; during the last year other effects have been observed by Iranian cyber defense, such as continuous network slowdowns and other mysterious attacks against national offshore oil and gas platforms.

While the dispute appears very active in cyberspace, world politics hopes that diplomatic negotiations will be reopened to resolve the nuclear confrontation, stalled since last summer.

Will diplomacy solve the situation? Who really benefits from this tension? It’s a mission impossible!

Pierluigi Paganini

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US. Pierluigi is a member of "The Hacker News" team and a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. Author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
