How Stuxnet changed cyber warfare, and why it still matters in the Age of AI | Explained News

    0
    1


    The proliferation of artificial intelligence is rapidly transforming warfare, with military applications spanning intelligence, autonomous systems and cyber operations. AI models such as Fable and Anthropic’s Mythos present the latest evolution of cyber warfare.

    But long before these models, there was Stuxnet. Discovered in 2010, it was the world’s first known cyber weapon, demonstrating that malicious code could inflict physical destruction on critical infrastructure rather than merely stealing data or disrupting networks. This marked a turning point in cyber warfare, with its technical innovations paving the way for offensive cyber capabilities.

    Though Stuxnet was first identified in June 2010 by Belarusian malware expert Sergey Ulasen, it entered the global spotlight on July 15, 2010, when investigative journalist Brian Krebs revealed its existence. State-sponsored cyber operations have been part of national security strategies since the 1990s, with campaigns such as Moonlight Maze, Titan Rain and Operation Aurora carrying out espionage, data theft and disrupting networks.

    Operation Olympic Games, reportedly carried out by the United States and Israel to disrupt Iran’s nuclear programme using Stuxnet, presented a sea change in this paradigm. Security journalist Kim Zetter described Stuxnet as the world’s first cyber weapon because it shattered the boundary between the cyber and physical worlds. The malware’s unprecedented sophistication, years of undetected operation and precision targeting made it the blueprint for subsequent cyber operations and a warning for the upcoming AI era.

    How the Stuxnet attack unfolded

    Even today, Stuxnet remains the most complex targeted malware the tech community has ever witnessed. It was the first known malicious code designed to cross the cyber realm into the physical world and inflict real damage on a country’s critical infrastructure, in this case nuclear centrifuges at Iran’s Natanz.

    Iran’s Natanz facility was air-gapped (not connected to the internet), necessitating the use of flash drives to deploy the virus. The operation initially targeted five vendor companies that supplied parts to Natanz and had frequent personnel movement back and forth to the facility. When the USB-infected vendor computers were finally connected inside the Natanz facility, the breach happened.

    Story continues below this ad

    The malware initially infected the Microsoft operating system, but its precision target was Siemens industrial software such as STEP7, WinCC, and PCS 7 etc — used to programme and monitor PLCs (Programmable Logic Controller which controls motors and valves etc) and SCADA (Supervisory Control and Data Acquisition, a central control system).

    After gaining access to the PLCs controlling the centrifuges, Stuxnet remained silent for days while recording normal operations. It then launched planned sabotage cycles by periodically altering valve pressure and centrifuge speed, thereby disrupting the uranium enrichment process.

    Throughout this sabotage, it fed prerecorded routine data into the SCADA system to make it appear normal to engineers at Natanz, thereby concealing the attacks and preventing them from taking any corrective action. According to the IAEA, the number of centrifuges that became inoperable increased sharply starting in 2009, coinciding with the beginning of Stuxnet.

    A template for future cyber operations

    Stuxnet marked a historic shift as its technical and strategic framework was employed not only states, but also by non-state actors such as ransomware groups. Duqu (2011), Flame (2012) and Havex (2013) borrowed Stuxnet’s architecture and shared many of its technical characteristics.

    Story continues below this ad

    Without using any missile or conventional kinetic force, Stuxnet showed that code alone can cause physical damage to a country’s critical infrastructure. It moved beyond network disruption or espionage to achieve sustained physical sabotage, and reportedly set back Iran’s uranium enrichment program by several years.

    Further, it laid bare the vulnerabilities arising from digitalisation of Operational Technology (OT) and Industrial Control Systems (ICS), the hardware and software that monitor and control the physical devices in industrial infrastructure facilities. SCADA/ICS systems power today’s critical infrastructure, including nuclear facilities, energy grids, pharmaceutical manufacturing, chemical processing, oil refineries and communication networks. By targeting this layer, Stuxnet showed that cyber operations could directly disrupt physical systems with significant implications for national security.

    This approach was visible in the 2016 Ukraine power grid attack, where the Industroyer malware autonomously manipulated industrial control systems disrupting the critical infrastructure.

    Subsequently, Triton (2017) targeted the safety instrumented systems of a Saudi Arabian petrochemical plant and compromised its industrial safety mechanisms.

    Story continues below this ad

    More recently, Pipedream (2022) demonstrated a scalable, modular attack aimed at disrupting multiple industrial systems like oil and LNG facilities, while also compromising safety systems.

    A warning for the Age of AI

    In the age of AI, Stuxnet serves as a reminder that the continued integration of critical infrastructure with AI and other emerging technologies presents new vulnerabilities, targets and strategic opportunities for cyber operations.

    As of 2026, AI agentic models have become increasingly integrated into OT and ICS, leading to unprecedented automation and increasing the speed, scale and sophistication of identifying vulnerabilities and conducting cyber operations without minimal human intervention.

    For example, Anthropic’s Mythos AI model can autonomously identify and exploit multiple zero-day vulnerabilities in ageing, widely used operating systems essential for critical infrastructure, without human involvement. In September 2025, Mythos reportedly uncovered a largely AI-orchestrated cyber espionage campaign with minimal human input.

    Story continues below this ad

    More than 15 years since its discovery, Stuxnet’s technical and strategic legacy continues to shape cyber operations and becomes more consequential with the acceleration of AI-assisted cyber warfare.

    Anubha Gupta is a Research Associate at the Indian Council of World Affairs, New Delhi.





    Source link

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here