detecting-stuxnet-style-attacks
Installation
SKILL.md
Detecting Stuxnet-Style Attacks
When to Use
- When implementing advanced threat detection for high-value OT targets (nuclear, chemical, critical infrastructure)
- When building detection for APT-style attacks targeting PLC logic and process manipulation
- When establishing PLC logic integrity monitoring to detect unauthorized modifications
- When investigating suspected process anomalies that may indicate cyber-physical attacks
- When designing defense-in-depth strategies against nation-state level OT threats
Do not use for basic OT intrusion detection (see detecting-attacks-on-scada-systems), for malware analysis of Stuxnet samples (see malware reverse engineering skills), or for PLC programming and logic development.
Prerequisites
- Detailed understanding of the Stuxnet attack chain and MITRE ATT&CK for ICS framework
- PLC logic backup repository with known-good baseline copies of all PLC programs
- Engineering workstation monitoring (EDR with OT awareness)
- Physics-based process models for the controlled physical process
- Network monitoring for industrial protocol traffic analysis