Article Lead Image

U.S. attacked North Korea with the Stuxnet virus in 2010

Virus famous for successful attack against Iran used covertly.


Curt Hopkins


Posted on May 29, 2015   Updated on May 28, 2021, 5:23 pm CDT

The Stuxnet virus is primarily known for its use against Iran’s Natanz-based nuclear weapons development program in 2010. It delayed that country’s progress for several years (though that is not universally believed to be the case). It was developed, it is now commonly believed, by the U.S. in conjunction with Israel.

However, it now turns out that the National Security Agency attempted to use it against North Korea’s nuclear program at the same time. This attack, also in 2010, was unsuccessful, according to a report by Reuters.

The North Korean Stuxnet variant was designed to activate when it interacted with Korean language settings on an infected machine. North Korea uses much of the same Siemens-manufactured machinery and Siemens-written software running on the Windows platform that Iran does, which is what Stuxnet was designed to impede, by frustrating the centrifuge speed controls.

Conducted in tandem with “Olympic Games,” as the Iran campaign was named, American agents were, according to a “high-ranking intelligence official,” unable to gain access to North Korea’s “core machines” at its one known facility, Yongbyon. 

The hermit kingdom has extreme devotion to secrecy as well as the isolation of its communications. The closed system of what passes for the Internet there, called the “Kwangmyong,” has made it a difficult to infect, despite some hackers’ protestations to the contrary. It has only one connection to the global Internet, through China, and that connection is under the sole control of the government.

U.S. intelligence, primarily through the NSA, conducts what seems to be countless numbers of cyber-espionage campaigns. The U.S. Department of Defense’s Cyber Command, which has recently sought to renew a hiring directive to add 3,000 additional hackers, conducts a great number of offensive cyber operations each year. According to leaked documents, in 2011 alone, the U.S. launched 231 such attacks and spends $4.3 billion yearly on doing so.

However, until now, only the Iran attack produced damage to enemy infrastructure. Had the North Korean attack proven successful, that campaign would have been added to the list.

North Korea is one of the primary nation-state sources of American concern globally, with its nuclear program’s status and its unpredictable leadership creating a seemingly deadly geopolitical cocktail.

Although the NSA was apparently unable to get the virus into the North Korean nuclear machines, some related viral code was found in the country, according to Costin Raiu of the security company Kaspersky Lab. He told Reuters that infected software “digitally signed with one of the same stolen certificates that had been used to install Stuxnet,” was submitted to the malware library at VirusTotal. Raiu said that although the software had been submitted from a Chinese IP address, the contact who uploaded it for analysis insisted it had come from a North Korean computer which had been infected in March or April of 2010.

The archaeology of Stuxnet seems neverending. Symantec discovered elements of the code that go back all the way to 2005. And who knows where we will find it has gone in the future?

Illustration by Fernando Alfonso III

Share this article
*First Published: May 29, 2015, 8:40 pm CDT