This is what I remember, so probably true. It only attacked Siemens equipment with MAC addresses known to have shipped to Iran.
I thought it was crazy then and still do. If I had a clandestine operation I'm not supposed to have, I sure as fuck wouldn't hook it up to the internet. I also wouldn't hook up pipeline pumping stations and electric delivery systems to the internet either, yet here we are...
Careful, you're thinking! That's discouraged now.
How dare I think!
People are dumb and SCADA equipment is directly internet connected all over the world.
I was at a Defcon talk where the creator of Metasploit was able to gain access to floodgate controls on a dam in China. If he was a bad actor or a nation state he could have easily killed a couple of million people by fully opening the gates then bricking the SCADA controllers.