Date of report
  • July 2010
  • Codenamed “Olympic Games” and believed to be the work of the Equation Group
Believed to have been developed as a joint operation between U.S. and Israeli intelligence services, the Stuxnet malware compromised industrial control systems at the Natanz nuclear material enrichment facility in Iran. Stuxnet was specifically designed to cause centrifuges to fail while providing readings to their operators that they were running normally. Reports indicate that the United States pursued the Stuxnet operation as a way of degrading Iran’s nuclear weapons program without resorting to an airstrike or an attack by special operation forces. Stuxnet was the first publicly known instance in which a cyber operation caused physical damage outside of a controlled testing environment. It demonstrated the potential effectiveness and value of a cyber weapon. Many experts and former government officials feared that the attack on Natanz would open the door to other states conducting destructive cyberattacks and Stuxnet would represent, in the words of former Director of the National Security Agency Michael Hayden, a moment when “somebody crossed the Rubicon.” However, nation-states have so far exercised restraint.
Suspected victims
  • Iran
  • Azerbaijan
  • United States
  • United Kingdom
  • Indonesia
  • Pakistan
  • Uzbekistan
  • South Korea
  • India
  • Malaysia
  • Russia
  • Taiwan
Suspected state sponsor
  • Israel
  • United States
Type of incident
  • Sabotage
Target category
  • Military
Victim government reaction
  • Yes
Policy response