Worm Targeted Email

Creator Infected USB With Dropper
Drive
Sabotage Sabotage Worm Creator
External Source
Tradeshow Contractor

Targeted Email Infected
With Dropper Infected USB Drive
USB Drive S7 Project
Files External Source
S7 Project
Initial Asset
S7 Project Infected
Files USB Drive Employee Files

S7 Project Infected
USB Drive Contractor
Files
Remote
Access

Employee External Contractor
Laptop Remote
Workstation Drive
Access Initial
Asset
Network Print Server Server Enterprise
Share Vuln Service Vuln Control Network
Network Print Server S7 Project
Lnk Vuln
Share Vuln Files
ECN
Servers

Network
Share Employee
Remote Access
Network
Historian Employee
Share
Managers Remote Access
Workstation

WinCC DB Enterprise
Exploit Control Network
Perimeter
Network
CAS
Server

WinCC DB Network Print Server Server S7 Project
Exploit Share Vuln Service Vuln Files

Infected
USB Drive Web Nav Network
Server Share
Network WinCC DB S7 Project
Perimeter
Share Exploit Files
Network Server Network
Share Service Vuln Process Control
Network
OS Network WinCC Network Engineering
Server Share Server Share Station

Process
Logic Logic Logic Control Network
Modification Modification Modification Control System
Network

S7-315 S7-417
PLCs Safety PLCs
Control
System Network
Industrial
I/O Modification I/O Modification Process
Target
Industrial
Process

Figure 7: Partial Stuxnet Attack Graph