Kaspersky and Symantec had always suspected that prior to Stuxnet’s assault on the centrifuges in Iran, the attackers had used an espionage tool to collect intelligence about the configuration of the Siemens PLCs. The information could have come from a mole, but now it seemed more likely that a digital spy like Duqu had been used.
Malware discovered after stuxnet (“Duqu”) and very similar to it (even though its zero days had been published) may have been deployed earlier, probably in order to collect the intelligence necessary to craft and launch stuxnet itself. Perhaps in part as well to steal certs that stuxnet used.
