Stuxnet is almost certainly part of a new generation of state-created cyber-weapons. It is too sophisticated to be the work of hackers, too specific to a one type of industrial equipment to have been crafted by profit-seeking criminals. And it updates itself periodically.
Wired has a great article about how it was discovered and tracked by computer security investigators, and how it resembled other, supposed cyber-attacks:
To illustrate the destructive capability of Stuxnet, the researchers referenced an oft-cited 1982 CIA digital attack on the Siberian pipeline that resulted in an explosion a fifth the size of the atomic bomb detonated over Hiroshima.
Bruce Schneier has a good analysis of the purposes of Stuxnet:
Stuxnet doesn’t act like a criminal worm. It doesn’t spread indiscriminately. It doesn’t steal credit card information or account login credentials. It doesn’t herd infected computers into a botnet. It uses multiple zero-day vulnerabilities. A criminal group would be smarter to create different worm variants and use one in each. Stuxnet performs sabotage.