US Tried to Fire ‘Stuxnet’ Malware at North Korean Nuke Plant

Written by

The United States tried and failed to use the infamous Stuxnet worm to disrupt North Korea’s nuclear facilities, according to several intelligence sources.

The unnamed “people familiar with the covert campaign” told Reuters that US spies developed a related piece of malware which would activate when it encountered the Korean language on an infected machine.

The plan, which was hatched at the same time as the Stuxnet campaign against Iran’s nuclear program, failed because NSA operatives couldn’t get it onto targeted systems.

North Korea, and its ICT systems, are among the most isolated in the world.

Only a tiny fraction of the country’s population are even allowed on the world wide web, and anyone wanting to own a PC must apply for a license – meaning there were relatively few options available to US spies.

Iran is relatively open by contrast, with citizens able to browse the global internet.

Experts spoken to by the newswire claimed that US spooks had probably tried to get the malware onto core target systems in North Korea via equipment imported from Iran, Pakistan or China.

It’s thought that Pyongyang’s nuclear program uses similar hardware and software to that of Iran, so the tweaks needed to make Stuxnet work in the hermit nation would not have required much time or money.

Iran and North Korea signed a deal back in 2012 to co-operate more closely in areas such as IT, biotech and renewable energy, including joint R&D projects.

Stuxnet first leapt to fame in 2009 when it emerged that the worm – which featured an unheard of four zero-day exploits – had been used to disrupt Iran’s nuclear program.

It was designed to infect Siemens industrial control software, damaging the centrifuges that play a key role in the uranium enrichment process.

Operation Olympic Games, as it was called, is thought to have been a joint NSA/Israeli project to disrupt the nuclear research and development work undertaken at Iran’s Natanz facility. 

What’s hot on Infosecurity Magazine?