Researchers at Kaspersky Lab have identified the first victims, the so-called ‘patient zeros,' of the Stuxnet worm.
Stuxnet was used by attackers to disable Iranian nuclear centrifuges. Noting that Symantec in early 2011 had established that Stuxnet, widely considered the first cyber weapon, was distributed through five organizations, Kaspersky researchers said they combed through 2,000 files collected over two years to “identify the organizations that were the first victims of the worm's different variants in 2009 and 2010.”
They named Iranian companies Foolad Technic Engineering Co (FIECO), Behpajooh Co. Elec & Comp. Engineering, Neda Industrial Group, Control-Gostar Jahed Company and Kala Electric as the first victims noting that Foolad and Behpajooh develop industrial automation systems, so “clearly, we are also dealing with SCAD/PLC experts here.” Researchers found the Kala Electric attack in particular to be interesting because it “started from three computers at once, on the same day."
