Chevron confirms 2010 Stuxnet hit

Chevron becomes the first U.S. company to confirm a network hit by the Stuxnet virus, an incident that reportedly occurred back in 2010 when the malware – designed to interfere with critical infrastructure operations – was discovered.

CIO Journal, The Wall Street Journal's tech news service, broke the news Thursday afternoon and interviewed Mark Koelmel, the oil giant's general manager of the earth sciences department.

“I don't think the U.S. government even realized how far it spread,” Koelmel told the publication.

When Stuxnet was made public in June 2010, a New York Times article contended that the worm was a creation of the United States and Israel to undermine Iran's nuclear program, where infections were primarily centralized.

Because of Stuxnet's history, it is believed that Chevron's encounter with the worm was accidental – a case of the sophisticated malware running loose beyond its intended targets.

A Chevron spokeswoman told CIO Journal that the company wasn't negatively impacted by the virus. SCMagazine.com reached out to Chevron for comment, but the company did not immediately respond.

Stuxnet is designed to target specific industrial controls: the Siemens supervisory control and data acquisition (SCADA) systems, which manage and monitor critical industrial processes.

Aviv Raff, CTO of Seculert, which specializes in cloud-based advanced threat detection, told SCMagazine.com on Friday that it is likely that other U.S. companies have been impacted by Stuxnet. He is not surprised they haven't come forward.

“I do think there are other companies that are keeping quiet and this is normal behavior,” Raff said. He added that a company the size of Chevron would be a “reasonable” mistake given its operations, which fit the category of the malware's destructive aims.

Philip Kim, the CEO of South Korea-based AhnLab, which provides advanced persistent threat (APT) mitigation solutions for end-user clients and has U.S. operations, said that APT saboteurs are often watching and waiting for the right moment to strike.

Businesses and organizations should be aware that attackers, especially those with nation-state backing, are leaps and bounds ahead of standard detection methods, like anti-virus programs, he said.

“In terms of APT [perpetrators], they are being hired for this crime,” Kim said. “We need to think about the timing other than just remediating this new malware. Anti-virus programs update the software with new signatures, but they are checking it just before it's updated. They know the timing, so they attack before the update.”
