Danger USB! Malware infects UN Nuclear Agency computers

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

IAEA An internal investigation has discovered that some of the computers at the International Atomic Energy Agency (IAEA) headquarters in Vienna have been infected for months with data-stealing malware.

However, the organisation – which reports to both the UN General Assembly and Security Council – says it believes that its network was not compromised.

Reuters, which first reported on the security incident after seeing a confidential note sent to member states, quoted agency spokesman Serge Gas, who confirmed some details:

Data from a number of Vienna International Centre (VIC) visitors’ USB drives (data memory sticks) is believed to have been compromised. The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further. No data from the IAEA network has been affected

Sign up to our free newsletter.
Security news, advice, and tips.

As Kevin Townsend at InfoSecurity Magazine reports, there’s something a bit odd here.

Normally, USB-aware malware has no qualms about infecting USB devices as they are inserted into infected PCs. But on this occasion, it appears that the malware was designed to harvest information from USB sticks as they were plugged into compromised computers.

In short, the intention wasn’t to spread – but to gather information.

This theory is given more credence by the acknowlegdement that the infected computers were located in the Vienna International Centre, a common area of the IAEA headquarters were staff and state officials work and meet.

Vienna International Centre. Creative Commons

Users of these shared computers might be very careful not to copy sensitive files from their USB sticks onto the PCs. But what if malware on those computers were secretly and silently harvesting any contents of plugged-in USB sticks anyway?

My hunch is that this was an attack, targeted against people who used the computers in the common area of the UN’s nuclear agency, with the intention of grabbing sensitive and confidential information.

The big questions that remain unanswered are this – who was behind the attack, and what happened to the sensitive data that the malware scooped up?

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

One comment on “Danger USB! Malware infects UN Nuclear Agency computers”

  1. Martin Hepworth

    Iran getting its own back for the Stuxnet infection ???

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.