Siemens Says Stuxnet Malware Program Is Attacking Factory-Control Software
Siemens AG, Germany’s biggest engineering company, said hackers created a program that attacks software used to control water-processing plants, power grids and factories.
Siemens said it was notified July 14 that a malicious program dubbed Stuxnet is targeting Siemens’ Simatic WinCC, a supervisory control program that the world’s infrastructure agencies and manufacturers use to acquire and analyze data.
The company alerted customers two days later, Wieland Simon, a spokesman for Siemens Industry, said today in an interview from Erlangen, Germany. Siemens doesn’t know whether the malware is trying to wrest control of Siemens’ application or steal information, Simon said.
“We have found out the software is capable of sending data, and it tries to set up a connection via the Internet,” Simon said. “We don’t know where the data is being sent.”
Siemens said infection, which can occur only when someone attempts to gain access to Simatic WinCC using a USB stick, exploits a security breach in Microsoft Corp.’s Windows operating system. The Munich-based company said it knows of only one system, in Germany, that’s infected.
Microsoft is working to fix the breach, according to Siemens’ website. A patch, which customers can download to detect and remove the malware, will be released tomorrow, Simon said.
Bloomberg moderates all comments. Comments that are abusive or off-topic will not be posted to the site. Excessively long comments may be moderated as well. Bloomberg cannot facilitate requests to remove comments or explain individual moderation decisions.