
Kaspersky: Stuxnet and Duqu had same developers, started as early as 2007


The Stuxnet worm may go down in history as one of the first known instances of cyber warfare, since it appears to have been crafted specifically to disrupt Iran’s ambitions to refine weapons-grade uranium. Earlier this year, the related Duqu worm appeared—although it appears to have a different, unknown purpose. Although there has been speculation that Stuxnet and Duqu are related, Kaspersky security researcher Alexander Gostev says the two worms must have been developed by the same team—and they may have gotten started as early as 2007.

“There were a number of projects involving programs based on the ‘Tilded’ platform throughout the period 2007-2011,” Gostev wrote. “Stuxnet and Duqu are two of them—there could have been others, which for now remain unknown.”


Researchers refer to the worm platform as “Tilded” because of the authors’ propensity for starting file names with “~d.” But the similarities are much deeper, with the worms sharing the same fundamental architecture. Through analyzing drivers—including some unusual (and potentially unique) finds associated with Duqu infections—Kaspersky concludes the platform got started as a single-driver effort in 2007 or 2008, and got its most significant modifications in mid-2010. Kaspersky’s analysis also concludes there was “at least” one other spyware module built on the same platform back in 2007 or 2008.

Duqu/Stuxnet evolution

The Stuxnet worm set off a frenzy of speculation amongst security researchers because of its complexity. Where most malware packages together a small set of functions around a small set of exploits so they can get into the wild quickly, Stuxnet contains more than 4,000 functions and functionality specifically targeting industrial control equipment—in fact, Stuxnet is so specific that it likely was crafted only to target Iran’s nuclear enrichment facilities. Duqu sports a similar complexity, and researchers at the Budapest University of Technology and Economics CrySyS lab (who discovered Duqu) speculate it is designed to steal industrial control design materials.

Some industry watchers have speculated that Stuxnet and Duqu may be the work of state-sponsored malware development efforts, with Israel and the United States often considered possible sources for the Stuxnet worm.

Geoff Duncan
Former Contributor