The Stuxnet Worm

Stuxnet, identified by security researchers in 2010, broke the pattern of earlier malware. Symantec’s technical analysis, the “W32.Stuxnet Dossier” by Nicolas Falliere, Liam O Murchu, and Eric Chien, opens by calling it “one of the most complex threats we have analyzed” and explains that its ultimate goal was “to reprogram industrial control systems” rather than to steal data or extort money.

The worm spread through Windows machines, in part by exploiting previously unknown software flaws (zero-day vulnerabilities), and then sought out a very specific target: Siemens programmable logic controllers (PLCs) of the kind used to run industrial equipment. On systems that did not match its intended configuration, it largely lay dormant, which is part of why it went undetected for so long.

What set Stuxnet apart was that its payload was meant to act on the physical world. The Symantec dossier documents how it altered the behavior of the controllers it found, interfering with the machinery they governed. It is widely understood to have targeted the centrifuges in Iran’s uranium enrichment program, making it one of the first pieces of software credited with causing physical damage to industrial hardware.

The dossier was preserved as a primary source by the National Security Archive at George Washington University. Stuxnet reframed the stakes of computer security: a worm was no longer just a threat to data and uptime but a tool that could reach across a network and break things in the real world.