In an updated report on the infamous Stuxnet worm, researchers from Symantec called the malware a targeted attack on five organizations in Iran.
The organizations were hit in five separate attacks over the course of 2009 and 2010, according to the firm. Three of these organizations were targeted once, one was targeted twice, and another was targeted three times. A total of 12,000 infections can be traced back to these organizations, the researchers added.
The report mentions three variants that were detected in June 2009, April 2010 and March 2010, respectively. It also notes however that a fourth variant likely exists as a driver file but has never been recovered.
Symantec did not name the five organizations in Iran that were hit, but reports over the past several months have mentioned the uranium enrichment facility in Natanz, as well as the Bushehr Nuclear Power Plant.
In addition to the information about the five organizations being attacked, Symantec also released some additional information about the worm’s code. According to the researchers, Stuxnet had two sabotage strategies often referred to as the 315 code and 417 code. Since the 417 code was disabled, Symantec did not publicly document its intended behavior. This time however, researchers say they have uncovered evidence the code represents a second independent attack strategy.
Symantec’s paper can be read here (PDF).