Before 2010, malware stole credit cards, sent spam, or DDoS'd websites. Stuxnet changed everything. Reportedly designed by the NSA and Israel's Unit 8200, it was the first known weaponized code intended to cause physical destruction. It managed to jump an "Air Gap" and destroy 1,000 nuclear centrifuges in Natanz, Iran.
The Mission
The Target: The Natanz Enrichment Plant.
The Goal: Delay Iran's ability to build a nuclear bomb without launching an airstrike.
The Method: Make the centrifuges (which spin at supersonic speeds to separate Uranium-235) spin out of control until they shatter, while telling the operators everything is normal.
1. The Infection Vector (Crossing the Air Gap)
Natanz was not connected to the internet ("Air Gapped"). You can't hack it remotely.
Stuxnet was designed to spread via USB Drives.
It likely started by infecting contractors who worked at the facility. When they plugged their USB stick into a laptop at Natanz, the malware jumped.
The LNK Exploit (CVE-2010-2568): Normally you have to run a file to get infected. Stuxnet used a Windows zero-day in which simply browsing the USB drive in Explorer, which rendered the icon of a crafted .LNK shortcut file, executed the malicious code.
2. Four Zero-Days (Unprecedented Sophistication)
Zero-day exploits are rare and expensive (worth $500k+). Most criminal malware uses none. Stuxnet used FOUR. This massive investment proved it was state-sponsored.
1. LNK Exploit: For USB propagation.
2. Print Spooler Exploit: To spread across the LAN once inside (Printer Sharing).
3. and 4. Privilege Escalation: Two separate zero-days to gain Root/System privileges on the workstations.
3. Seeking the Specific Prey (Siemens Step7)
Stuxnet was a sniper, not a bomb.
It checked the installed software: was "Siemens Step7" (the software used to program industrial PLCs) installed?
If No: It did nothing. It went dormant to avoid detection.
If Yes: It injected itself into the Siemens Step7 DLLs, placing itself between the engineering software and the PLC.
4. The Payload (PLC Man-in-the-Middle)
The code monitored the Programmable Logic Controllers (PLCs) controlling the frequency converters (which control the spin speed).
The Frequency Attack: The centrifuges normally run at 1,064 Hz. Stuxnet forced them up to 1,410 Hz (causing stress fractures) and then down to 2 Hz (causing wobbling).
The Reporting Hack: While destroying the motors, Stuxnet intercepted the sensor data going to the control room screens. It replayed a prerecorded loop of "Normal Operation" data. The scientists watched green lights while the facility tore itself apart.
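The two signatures of that payload, a drive frequency far from nominal and an operator display that repeats itself, are both detectable if the plant keeps a sensor feed the PLC cannot write to. The following is an added example, not code from the page or from any real ICS product; the 50 Hz band, the sensor readings and the HMI trace are all constructed for illustration.

```python
"""Out-of-band monitoring for a Stuxnet-style PLC man-in-the-middle.

Compares an independent sensor feed (one the compromised PLC cannot
tamper with) against what the HMI displays, and flags the two symptoms
described above: drive frequency outside the nominal band, and an HMI
trace that repeats verbatim (a replayed recording).
"""
from typing import List

NOMINAL_HZ = 1064.0   # normal centrifuge drive frequency named on the page
BAND_HZ = 50.0        # assumed acceptable deviation (hypothetical threshold)

# Constructed sample data: INDEPENDENT is e.g. a clamp-on current probe read
# by a separate monitor; HMI is what the operator screen showed meanwhile.
INDEPENDENT = [1064.0, 1065.0, 1063.0, 1200.0, 1350.0, 1410.0,
               1410.0, 900.0, 300.0, 2.0, 2.0]
HMI = [1064.2, 1063.8, 1064.1] * 4   # same three values looping


def out_of_band(readings: List[float]) -> List[int]:
    """Indices where the independently measured frequency leaves the band."""
    return [i for i, hz in enumerate(readings) if abs(hz - NOMINAL_HZ) > BAND_HZ]


def replay_window(trace: List[float], min_repeats: int = 3) -> int:
    """Smallest block length that the trace's tail repeats verbatim at least
    min_repeats times, or 0 if none. Live sensor noise never repeats exactly;
    a looped recording (or a frozen value) does."""
    for window in range(1, len(trace) // min_repeats + 1):
        need = window * min_repeats
        tail = trace[-need:]
        block = tail[:window]
        if all(tail[i:i + window] == block for i in range(window, need, window)):
            return window
    return 0


def hmi_divergence(independent: List[float], hmi: List[float],
                   max_delta: float = BAND_HZ) -> List[int]:
    """Indices where the HMI value disagrees with the independent sensor."""
    return [i for i, (a, b) in enumerate(zip(independent, hmi))
            if abs(a - b) > max_delta]


if __name__ == "__main__":
    print("out-of-band intervals:", out_of_band(INDEPENDENT))
    print("HMI trace loops every", replay_window(HMI), "samples")
    print("HMI/sensor divergence at:", hmi_divergence(INDEPENDENT, HMI))
```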
Legacy
Stuxnet escaped Natanz and infected millions of computers worldwide. However, since those computers had no Step7 installation or centrifuges attached, the payload never triggered and it did no harm.
But it opened Pandora's Box. Now, "Cyber Warfare" targeting power grids, water plants, and hospitals is a reality (e.g., Russian attacks on Ukraine's power grid).