Iran Says Stars Virus Intended For Cyber Espionage

Iranian officials are currently investigating the effects of the Stars worm, which is suspected to be equipped with espionage features, Brigadier General Gholam-Reza Jalali told Iran's Mehr News Agency.

"Certain characteristics about the Stars worm have been identified, including that it is compatible with the (targeted) system and that the damage is very slight in the initial stage, and it is likely to be mistaken for executable files of the government," Jalali told the Mehr News Agency.

Specific details about the worm, such as technological capabilities and intended targets, are thus far unclear, while security researchers say they have yet to nail down sample code of the Stars virus.

However, Tom Turner, senior vice president of marketing and channel sales for Q1 Labs, said that the broader implication of the worm is that attacks on critical infrastructure will likely be forthcoming in the not-too-distant future.

"The broader implication is that the critical infrastructure, whether it's ours in the U.S. or another country, can and will be the target of cyber espionage. People are starting to wake up to that," Turner said. "I wouldn’t be surprised if this or something not long after turns out to be a targeted attack of critical infrastructure."

The Stars virus allegedly contains characteristics similar to those of the Stuxnet virus, which made headlines last July when it was found to target supervisory control and data acquisition (SCADA) systems found in nuclear power facilities.

The Stuxnet worm, which exploited four critical Windows vulnerabilities, initially spread via USB sticks and wreaked havoc on many of Iran's nuclear power plants, including the Bushehr and Natanz facilities.

Last week Jalali accused German engineering firm Siemens of being partly responsible for the creation of the Stuxnet virus, intended to sabotage the Iranian nuclear power program. The accusation came three months after a New York Times report indicating that both the U.S. and Israel were behind the serial Stuxnet attacks on Iran's facilities.

Security researchers say that facilities relying on SCADA systems will likely be vulnerable to more critical infrastructure attacks down the road as these networks increasingly become reachable over an Internet connection.

"The SCADA network and IT network are no longer physically separate. The days of the isolated network are gone and they are not coming back; the economic forces are too compelling," said Avishai Wool, CTO of security company AlgoSec, in an e-mail. "Hackers no longer need physical access, just a network connection, a way to route packets and a way to bypass traffic filters. These activities are well understood by hackers."

Turner said that in light of the publicity generated around Stuxnet, customers in the energy and power sectors have expressed increased concerns about downtime related to a cyber attack on critical infrastructure. Those concerns have reached an all-time high as critical infrastructure transitions to smart grid and smart meter technology, which is susceptible to such an attack, Turner added.

"The nature of Stuxnet is so targeted, it makes people pretty nervous about the implications of what if this happens to one of our nuclear facilities or energy plants," he said.