Security Experts:

Stuxnet Infected Chevron's Network in 2010

The infamous Stuxnet virus infected Chevron’s network in 2010, according to a report from The Wall Street Journal. The oil giant told the paper that they believe the infection was not intended, noting that the government wasn’t aware of how far the infection spread.

Mark Koelmel, Chevron's general manager of the earth sciences department told the Journal, “I don't think the U.S. government even realized how far it had spread,” adding, “I think the downside of what they did is going to be far worse than what they actually accomplished.”

Oil Companies in Malware AttacksChevron said that the virus was detected on their network in 2010, and was immediately addressed without incident. The Journal speculated that the Chevron infection was the result Stuxnet’s release on a larger network. However, the story marks the first time a U.S. company has acknowledged that they were impacted by the government sanctioned malware.

The same story also cited U.S. officials who blamed Iranian malware authors for the creation of the Shamoon virus that attacked Saudi oil giant Aramco. The impact of the Shamoon attack was noted by said U.S. Secretary of Defense Leon Panetta in a speech last month.

“All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” he said.

In June, excerpt from a book written by the New York Times’ David Sanger was published on the NYT’s website, recounting how the Obama administration took over a project started during the second Bush administration targeting Iran. This project, code-named Olympic Games, was purely technical and resulted in what the world knows today as Stuxnet.

From the Times’ report:

“Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.”

Related: Disttrack/Shamoon Sabotage Malware Wipes Data At Unnamed Middle East Energy Organization

Related: Saudi Arabia's National Oil Company Kills Network After Cyber Attack

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.