| ID | B0017 |
| Objective(s) | Impact |
| Related ATT&CK Techniques | None |
| Impact Type | Availability |
| Version | 2.0 |
| Created | 1 August 2019 |
| Last Modified | 8 May 2023 |
Malicious code accomplishes hardware destruction. For example, malicious code may cause hardware to overheat through manipulation of power management software that controls the CPU’s voltage and frequency. Destruction of hardware is also associated with cyber attacks against industrial control systems, exemplified in the 2007 Aurora test at the Department of Energy’s Idaho National Laboratory that successfully used 149 kilobytes of code to physically damage a generator connected to the electric grid [1]. A more recent example is PIPEDREAM, a modular ICS attack framework that reportedly has “capabilities to disrupt, degrade, and potentially destroy physical processes in industrial environments” [2].
| Name | Date | Method | Description |
|---|---|---|---|
| Stuxnet | 2010 | -- | Stuxnet made centrifuges at Iran's nuclear plant spin dangerously fast for a few minutes, before returning to normal speed. A month later, it slowed the centrifuges down for nearly an hour. This was repeated for several months, and over time the strain destroyed the machines. [3] |
[1] A. Greenberg,"How 30 Lines of Code Blew Up a 27-Ton Generator," Wired, 23 Oct. 2020. [Online]. Available: https://www.wired.com/story/how-30-lines-of-code-blew-up-27-ton-generator/.
[2] "ICS/OT CYBERSECURITY YEAR IN REVIEW 2022," Dragos, 25 Feb. 2023. [Online]. Available: https://hub.dragos.com/hubfs/312-Year-in-Review/2022/Dragos_Year-In-Review-Report-2022.pdf?hsLang=en.
[3] https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf
[4] https://docs.broadcom.com/doc/security-response-w32-stuxnet-dossier-11-en