Class 8 Lab 3 ‐ Stuxnet Worm Research - Justin-Boyd/CIT-Class GitHub Wiki
What type of malware is Stuxnet?
Answer
A highly sophisticated worm.
What was the intended target of the Stuxnet attack?
Answer
Natanz, the Iranian uranium enrichment facility.
What did Stuxnet target?
Answer
It targeted programmable logic controllers (PLCs) manufactured by Siemens. The PLCs were known to be used in the uranium enrichment process.
How was the Stuxnet attack carried out? What was the purpose of the attack?
Answer
Since the targeted Iranian enrichment facility was not connected to the internet (air-gapped), the worm had to be injected directly via USB into the facility’s network. From there, it spread aggressively to the entire network, exploiting perhaps four different zero-day vulnerabilities in the Windows OS. It looked for computers connected to specific Siemens PLCs, and once they were found, the worm used the PLCs to spin the uranium enrichment centrifuges at a pace that destroyed them. Throughout the attack, signals were sent to system operators indicating normal operation.
The purpose of the attack was to destroy the centrifuges and slow down Iranian nuclear production progress.
Was anyone else infected by the Stuxnet worm? What damage did it cause?
Answer
An estimated 200,000 computers were also infected with Stuxnet, and it caused significant damage to 1,000 of them. The intention was to keep the worm confined to the Iranian nuclear facility, but due to its highly complex and extremely aggressive nature, once it reached a computer connected to the internet, it began to spread throughout the world.
What were the Stuxnet components?
Answer
There were three parts to the attack: a worm that executed the payload, a file that executed the dissemination of copies of the worm, and a rootkit that hid the malicious activity and reported to system operators that everything was normal.