The Remarkable 10th Anniversary of Stuxnet
Analytical Summary of the SolarStorm Cyber Espionage Campaign
Copyright (c) 2021 Selján Gábor
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
The copyright to this article is transferred to the University of Public Service Budapest, Hungary (for U.S. government employees: to the extent transferable) effective if and when the article is accepted for publication. The copyright transfer covers the exclusive right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The author warrants that this contribution is original and that he/she has full power to make this grant. The author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors.
An author may make an article published by University of Public Service available on a personal home page provided the source of the published article is cited and University of Public Service is mentioned as copyright holder
Abstract
It has been ten years since Stuxnet, a highly sophisticated malware that was originally aimed at Iran’s nuclear facilities, was uncovered in 2010. Stuxnet is considered to be the first cyber weapon, used by a nation state threat actor in a politically motivated cyberattack. It has significantly changed the cybersecurity landscape, since it was the first publicly known malware that could cause physical damage to real processes or equipment. Its complexity and level of sophistication, due to the exploitation of four different zero-day vulnerabilities in Windows and the usage of two stolen certificates, has triggered a paradigm shift in the cybersecurity industry. The recently uncovered cyber espionage campaign known as SolarStorm is a worthy anniversary celebration for Stuxnet. Especially because now the tables have turned. This campaign targeted the United States Government and its interests with a highly sophisticated supply chain attack through the exploitation of the SolarWinds Orion Platform used by thousands of public and private sector customers for infrastructure monitoring and management. In this article, I attempt to summarise the key points about the malware deployed in the SolarStorm campaign that can be drawn from reports available at the time of the writing.