It looks as though Stuxnet will not be the last time Iran’s energy infrastructure will be threatened. The Tehran Times has reported “necessary defensive measures were taken after… malware was detected and removed” from several Iranian petrochemical plants. The plants had been under investigation because “a number of Iran’s petrochemical units… stopped operating wholly or partially due to fires,” the Tehran Times said.
The malware was discovered during this investigation, but was ruled out as the cause of the fires. Initially, threat responders considered a cyber-attack as the culprit until it was determined that the malware payloads had not been activated. According to Iran’s Civil Defense Organization head Gholam-Reza Jalali, “The industrial software packages, bought from foreign countries, were already corrupted.” It is possible this is a result of Iran’s bolstered cyber-defense in the wake of the Stuxnet nuclear facility attacks about six years ago. As stated by officials, Iranian cyber professionals have been protecting “sensitive facilities, including nuclear, military, and economy sites.”
Even though this particular malware infection was unsuccessful, the fact that it was an attack on energy infrastructure indicates there will be more attacks to come. The threat actors clearly engaged in an act of cyber war that I am willing to bet is based in some sort of nation-state-sponsored operation. Stuxnet was believed to be developed by the United States and Israel, at least according to several top security researchers. I am willing to bet that Iran is already engaging in cyber forensics in an attempt to discover who carried out this unsuccessful attack.
Regardless of who is responsible for infecting the petrochemical plants with malware, it only shows that the cyber war is continuing to escalate. The United Nations in particular ought to take note of this incident and work more diligently to gain control of what is an already out-of-control situation.