Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon [0]
The US Government has spent two decades and hundreds of millions of dollars building tools to undermine the security of systems around the world, and withholding information from "Industry" that would help harden those systems.
I have no idea who "did" this, I don't really care. The NSA has been loading this footgun for decades.
One of the core themes in the latter half of the book was how the government obtains zero-days, and then has a "committee of government and industry experts" that think about responsible disclosures, assuming the government is willing to "concede" the "national security advantage" of not disclosing the vulnerability.
Most vulnerabilities don't get disclosed.
Most systems go unpatched.
Just so the USG can exploit foreign systems.
It's very possible this particular vulnerability was found, but it's potential for spying outweighed the concern for patching.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon [0]
The US Government has spent two decades and hundreds of millions of dollars building tools to undermine the security of systems around the world, and withholding information from "Industry" that would help harden those systems.
I have no idea who "did" this, I don't really care. The NSA has been loading this footgun for decades.
[0] https://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital-eb...