• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Malware
  • Stuxnet was dated 2005, Symantec discovered earlier version 0,5

Stuxnet was dated 2005, Symantec discovered earlier version 0,5

Pierluigi Paganini February 27, 2013

Rivers of words have been written on the popular Stuxnet virus, there have been many hypotheses, sometimes contradictory, about its paternity but the only certainty seemed to be the date of its creation, but suddenly the certainty as happens in the best thriller movies has been called into question.

The authors of Stuxnet, the malware that hit Iranian nuclear plant in 2010 interfering with nuclear program of the Government of Teheran, started the operations earlier than previously demonstrated according to a new research proposed by Symantec firm.

According to the study conducted by Symantec, there was a predecessor of the final version of the virus, a development version that was spread in 2005 and the was designed to manipulate the nuclear facility’s gas valves.

The cyber attack was planned to induce serious damage in the nuclear plant targeted, the manipulation of the valves that could cause an explosion, due to this reason Stuxnet is considered the first example of cyber weapon in the history able to cause physical destruction of the critical infrastructures.

The computer attack in 2010 was one of the first known examples of a cyber weapon used to destroy physical infrastructure, according to many experts and to revelation of New Your Times, Stuxnet has been produced by a joint venture of US and Israel experts to hit centrifuges used in the uranium enrichment process in nuclear plant of the country.

Francis deSouza, Symantec’s president of products and services, commented to Bloomberg:

“It looks like now the weapon tried a few things before it hit on what would actually work,”‘ “It is clear that this has been a sophisticated effort for longer than people thought.”

Symantec researchers detected a Stuxnet the early version has a version number within its code, the version is 0.5 and analyzing the date of website domain registration Stuxnet 0.5 may have been used as early as 2005.  Another interesting information on this version of Stuxnet is that he stopped to infect computers on July 4th, 2009, few days before version 1.001 was created.

Stuxnet

 

Stuxnet

Symantec highlighted the differences of version 0.5 with subsequent instances of Stuxnet:

  • Later versions significantly increased their spreading capability and use of vulnerabilities
  • Replacement of Flamer platform code with Tilded platform code
  • Later versions adopted an alternative attack strategy from uranium enrichment valve disruption to centrifuge speed modification

The most important change between the two versions was the strategy of attack of the different versions, earlier Stuxnet  had the ability to shut critical gas valves potentially causing an explosion later version replaced this capability with the one to alter the speed of centrifuges, anyway Stuxnet significantly increased in time its spreading capabilities introducing exploits for various vulnerabilities. 

Another serious implication is on beliefs of relationship between Flame and Stuxnet until now security community believed that Stuxnet authors have had access to Flame modules but not to whole Flame platform source code. The discovery of Stuxnet 0.5 demonstrates that Stuxnet’s authors had access to the complete Flamer platform source code.

The study states:

“Stuxnet 0.5 is partly based on the Flamer platform whereas 1.x versions were based primarily on the Tilded platform. Over time, the developers appear to have migrated more towards the Tilded platform. The developers actually re-implemented Flamer platform components using the Tilded platform in later versions.

Both the Flamer and Tilded platform code bases are different enough to suggest different developers were involved.”

The revelations have unimaginable repercussion on the study conducted since now on the agent, in particular, to better understand the strategy of the attackers and probably to give more clues on its identity.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Stuxnet, ICS)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

cyber warfare cyber weapon Flame Israel malware stuxnet Symantec US virus

you might also like

Pierluigi Paganini July 10, 2025
DoNot APT is expanding scope targeting European foreign ministries
Read more
Pierluigi Paganini July 09, 2025
Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Uncategorized / July 11, 2025

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

    Hacking / July 10, 2025

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT