Britannia Radio

Iran nuclear facilities struck down by midnight 'thunder'

Iran's nuclear program has been hit by a cyber virus that has shut down key computerised functions at two facilities and played music by the rock band AC/DC at loud volumes, according to a report on internet security website F-Secure.

The website earlier this week said that it was informed of the cyber attack by a scientist working at the Atomic Energy Organisation of Iran (AEOI), who sent F-Secure an email detailing the breach.

F-Secure had confirmed the email came from within AEOI.

The email said: "Our nuclear program has once again been compromised and attacked by a new worm ... The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am [a] scientist, not a computer expert.

"There was also some music playing randomly on several of the workstations during the middle of the night, with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."

The two facilities in question are the Natanz facility, which was the target of the Stuxnet attack, and a facility located near Qom, Iran.

Iran's cyber security experts working on the issue wrote to scientists, stating that they believe the attacker had access to the facilities' VPN and had used the popular open-source exploitation framework Metasploit to gain access to its systems. Metasploit itself enables computers to be scanned, mostly autonomously, for known vulnerabilities, making it an easy way for attackers to infiltrate systems without necessarily understanding how the exploit works.

Iran's nuclear program has been a frequent target of cyber attacks, which the country's leaders have blamed on Israel and the United States.

Topics: Security, Malware

http://www.f-secure.com/weblog/archives/00002403.html

MAIN INDEX    ARCHIVES    ABOUT US    F-SECURE LABS    SAMPLE ANALYSIS    MAC & LINUX BLOG    SAFE AND SAVVY    TWITTER/F-SECURE    @FSLABS    @FSLABSADVISOR    @MIKKO    FS@FACEBOOK    FSLABS@FACEBOOK    YOUTUBE/FSLABS    YOUTUBE/FSNEWS    TRY F-SECURE	<<< Monday, July 23, 2012 >>>   Emails from Iran Posted by Mikko @ 10:22 GMT | Comments Over the weekend, I received a series of emails from Iran.  They were sent by a scientist working at the Atomic Energy Organization of Iran (AEOI).  The scientist reached out to publish information about Iranian nuclear systems getting struck by yet another cyber attack.  He wrote: I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.  According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.  There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC. I'm not sure what to think about this. We can't confirm any of the details. However, we can confirm that the researcher was sending and receiving emails from within the AEOI.