Research: Zero Days | Stuxnet Documentary

in #tech · 14 hours ago


I'm working on a video that is approx. 40% done.

I started it 2 days ago, and the idea is to finish it this week which might be like a personal record for me.

The video is about the malware/exploit attack discovered last month in the Arch Linux AUR packages.
Two years ago I had planned to do a video about the Linux XZ Supply Chain Attack from 2024, but I ended up scrapping it for a different news story.

The XZ backdoor was considered by many experts to be a state-sponsored attack, and that's led me down a bit of a rabbit hole, which ended with me finally watching this documentary about Stuxnet from 2016 called Zer0 Days, which is very good.
I would highly recommend it.

For those who don't know, Stuxnet was discovered in 2010 and was regarded as the most sophisticated worm/exploit seen up to that point.
It used four different zero-day exploits, meaning exploits for vulnerabilities that were not yet known to the vendor or the public.
These are rare and extremely valuable, and using four of them in one piece of malware is unusual because they keep their value only while they remain unknown.

Stuxnet is believed to have originated from both the Equation Group, associated with US intelligence, and Unit 8200 of Israel's intelligence services.
Stuxnet infected Windows computers worldwide. It includes both user-mode and kernel-mode rootkit capability under Windows, and its device drivers were digitally signed with the private keys of two public-key certificates that were stolen from two separate well-known companies, JMicron and Realtek.
These keys are not held on systems connected to the internet, and therefore had to be stolen from the physical offices, which were located in the same industrial park in China.
Realtek is the most widely used chipset on the motherboards of most Mac/Windows computers, and Stuxnet would pose as a verified (signed) audio driver module.
JMicron's chipsets are common controllers for USB & networking (I think).
The worm could propagate itself over local area networks and through removable USB drives.
The intent was to infect ALL Windows computers, and from there it would look for its real target.
Its real target was Siemens PLCs, or Programmable Logic Circuits.
These are industrial controllers from the 1980s, and more specifically ones that were being used in Iran. So this worm infected most of the world just to reach these very specific devices in Iran.
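The stolen-certificate trick above is worth dwelling on from the defender's side: a driver signed with a vendor's real private key passes Windows signature verification exactly like the vendor's own driver would, so "is it signed?" is not the same question as "is it trustworthy?". The following PowerShell is an added example (not code from the post or from any of the projects it mentions) that lists the kernel drivers currently loaded on a Windows machine with their signature status, signer and certificate thumbprint, so an analyst can spot unsigned or broken signatures and compare the signers of "valid" drivers against a revocation or publisher list. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows, run from an elevated prompt so every driver file is readable; the function name `Get-DriverSignatureReport` is my own.

```powershell
# Added example, not from the original post: audit loaded kernel drivers' Authenticode signatures.
# Assumes an elevated Windows PowerShell 5.1+ / PowerShell 7 session on Windows.

function Get-DriverSignatureReport {
    [CmdletBinding()]
    param(
        # Only drivers in this state are examined; 'Running' means currently loaded in the kernel.
        [string]$State = 'Running'
    )

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq $State -and $_.PathName } |
        ForEach-Object {
            # CIM reports some paths with \??\ or \SystemRoot\ prefixes; normalise to a file-system path.
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (-not (Test-Path -LiteralPath $path)) { return }

            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Driver     = $_.Name
                Path       = $path
                Status     = $sig.Status                      # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer     = $sig.SignerCertificate.Subject   # $null when the file is unsigned
                Thumbprint = $sig.SignerCertificate.Thumbprint
                NotAfter   = $sig.SignerCertificate.NotAfter
            }
        }
}

# Anything whose Status is not 'Valid' deserves a look. A 'Valid' signature from a well-known
# vendor still only proves that someone held that vendor's key, which is the gap Stuxnet used,
# so the signer subject and thumbprint are shown for comparison against revocation lists.
Get-DriverSignatureReport |
    Sort-Object Status, Signer |
    Format-Table Driver, Status, Signer, Thumbprint -AutoSize
```

The report is deliberately read-only: it neither stops nor removes drivers, and the only judgement it makes is separating signed from unsigned or tampered files. Deciding whether a validly signed driver from a given signer belongs on the machine is the analyst's job, which is the point the Stuxnet case illustrates.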

What Was Stuxnet's Real Goal?

To cause the Siemens PLCs to destroy Iranian oil pipelines and the centrifuges used in their nuclear program.

Other State-Sponsored Exploits/Attacks

Stuxnet is very well known.
But I've also been looking into other worms/trojans associated with Stuxnet: GrayFish, Duqu, Flame/sKyWIper, and EternalBlue.

EternalBlue especially hits close to home. In 2019 it infected a huge portion of Baltimore City's government computers, and resulted in resignations of top brass for the city.
But Stuxnet itself was likely partially written just a few miles from where I live, at a particular military base that I've personally set foot on. It's all talked about in the documentary.

I've taken lots of notes, and I might do a video about some of these subjects. Hah, I've gotten sidetracked from the one I'm working on right now just to write this out.
Just today I learned of a massive botnet run through NutNet, running on cheap Android television devices, that is tied to many Israeli firms/companies. I took notes, as it could make a decent video too, I think.

Anyways, thanks for reading.
Video & a full write-up about the AUR exploits soon to follow.


These things are so sophisticated now with state-level groups working to disrupt other countries. Scary stuff. I haven't seen that documentary, but I will look out for yours.