Stuxnet – United States tried to use it against North Korea too, report claims

Interesting report by Joseph Menn of Reuters:

The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.

The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

According to one U.S. intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.

But U.S. agents could not access the core machines that ran Pyongyang’s nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program.

By the sound of things this wasn’t actually the Stuxnet worm, but a different piece of malware (perhaps sharing similar code) that was specifically targeting North Korean systems.

The Reuters report claims that a key reason the attack on North Korea’s nuclear programme failed was because – unlike Iran – the country was too disconnected from the rest of the net.

Of course, it is – as usual – unnamed sources who contribute to this report. Which isn’t perhaps surprising when you consider how upset the White House was over their involvement in the Iranian Stuxnet attack leaking out.

The NSA has declined to comment on the claims of an attack on North Korea. But then it dodged answering questions about the United States’ malware campaign against the Natanz nuclear facility in Iran too.

MissileIsn’t an odd world where America can get seriously uppity over allegations North Korea hacked a movie company, but may have been secretly attempting something much more serious against North Korea’s own nuclear programme?

What should a country take more seriously – attacks against systems involved in nuclear weapons programs, or hacks that break into an entertainment company and reveal what executives think of Angelina Jolie?

Of course, let’s not be fooled. I would be surprised if any advanced country wasn’t using malware to spy across the internet on their enemies (and sometimes even their friends).

Further reading: U.S. tried Stuxnet-style campaign against North Korea but failed – sources

Sign up to our free newsletter.
Security news, advice, and tips.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Stuxnet – United States tried to use it against North Korea too, report claims”

  1. Coyote

    "Isn't an odd world where America can get seriously uppity over allegations North Korea hacked a movie company, but may have been secretly attempting something much more serious against North Korea's own nuclear programme?"

    Depends on your definition of odd. I think it is all but expected and for the purpose of normal/abnormal, the bell curve is used: I don't see this fitting any place unusual. Hypocritical world? That's another issue entirely and unfortunately it is also rather common of governments.

    "What should a country take more seriously – attacks against systems involved in nuclear weapons programs, or hacks that break into an entertainment company and reveal what executives think of Angelina Jolie?"

    The sad reality is they are willing to try to attack such infrastructure (with malware, malware that could be – once caught and reverse engineered – used against the creators, and other things too) which has serious implications (and see part about it being used against the creators) but whine about Sony being attacked. Well you can't have it all. Perhaps if they spent more time doing what they claim is one of their top priorities – improve security – instead of what they do – worsen security in numerous ways – they wouldn't have the problem with Sony. But of course they can't see it that way (because they're naive and foolish enough to not pay attention to important bits of information they become blind) and they never will, either. This is just the nature of humans and especially those who has one downfall – their desire for absolute power will corrupt them. Doesn't matter what country, what kind of person, party or anything in between. At least those who realise this are less likely to be corrupted because others will willing destroy themselves for their glory and power. Would be nice if there was another way, though.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.