Iranian Petrol Stations Suffer A Massive Attack

Uploaded on 2021-10-29 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Iran, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Energy

A significant cyber attack has hit Iran’s online petrol distribution system, affecting fuel stations across the country and causing long lines of frustrated motorists.

Iranian news sources have said that a foreign country was probably behind the attack and n Iranian state television account online has shared images of long queues of cars waiting to fill up in Tehran.

The Iranian ISNA news agency, which called the incident a cyber attack, said it saw those trying to buy fuel with a government-issued card through the machines instead receive a message reading 'cyber attack 64411'. 

Most Iranians rely on those subsidies to fuel their vehicles, particularly amid the country’s economic problems.
The widespread attack came shortly before the second anniversary of the November 2019 nationwide protests against an overnight petrol price rise. At the time, petrol prices as much as tripled, sparking the protests that Amnesty International has said led to the deaths of more than 300 people.

Internet access was also shut down across the country for almost a week during the protests. Some areas where protests were still continuing experienced weeks of internet disruptions.

With the details still unclear there is speculation about whether the purported attack came from the US, Israel or from local Iranian anti-regime groups. According to reports, messages were posted in some systems that were hacked, addressing Iran’s Supreme Leader Ayatollah Ali Khamenei directly and demanding to know, “Where is the gas?” The attack comes some two years after nationwide protests over gas shortages in fall 2019... The disruption at the refueling system of gas stations... in the past few hours, was caused by a cyber attack,” the state Iranian national  broadcaster said. “Technical experts are fixing the problem and soon the refueling process... will return to normal.”

The Oil Ministry said only sales with smart cards used for cheaper, rationed gasoline were disrupted and that clients could still buy fuel at higher rates.

Possible Retaliation

Iran recently carried out a complex and coordinated strike on US forces in Syria using up to five armed drones to attack a strategic point near the Jordan-Iraq border. The attack was the latest in a series of drone strikes on US forces. In a press briefing recently, the US Envoy on Iran mentioned possible US action to deter Iranian aggression in the region. although he declined to elaborate what those actions might be.

The US is considered to be the world’s most potent cyber power but it has often been hesitant to use its offensive cyber capabilities against groups other than ISIS, for fear of cyber retaliation.

Under the Trump administration, the US did hack major Iranian intelligence maritime operations to deter Iran from attacking American allies at sea. The Biden administration is not thought to have  done so to date, although Israel has reportedly hacked Iran’s Shahid Rajaee Port on May 9, 2020, as a counter strike for an attempted Iranian cyber strike on Israel’s water supply system

Iran has also accused the Mossad, the US and European intelligence agencies of using the STUXNET virus to hack its Natanz nuclear facility in 2009-2010.

Former an Israeli Security Agency official said that there was a good chance that a nation-state actor could carry out such a broad and successful attack, however, recent events have  shown that amateur hackers can cause major disruption to the US and European powers with sophisticated ransomware and other means. 

In August, Check Point Software Technologies issued a report stating that an Iranian dissident group called Indra, not Israel, executed the large scale attack on the Islamic Republic’s train system in July. Check Point said Indra’s hack was “an example for governments around the world of how a single group can create disruption on critical infrastructure.” 

If non-state groups are traditionally thought of as lacking the capability to do more than hack websites and data, this was an example of such a non-state group causing profound real-world damage.

Indra’s tools destroyed data without direct means to recover it by using a “wiper,” or malware designed to wipe the entire data system of critical infrastructure, making the recovery process complicated, locking users out of machines, changing passwords, and replacing wallpapers to custom messages crafted by the attackers. The hack included posting of fake messages about train delays and cancellations on display boards across Iran.

JPost:     Heimdal Security:       Al Jazeera:       KashmirWalla:      Bloomberg:      Oodaloop

You Might Also Read:

Israeli Hospital Attacked With Ransomware:

 

« A Short Guide To Ransomware
Police Arrest 150 Suspects In Dark Web Operation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DCL Search & Select

DCL Search & Select

DCL Search & Selection connect candidates to the best companies in the IT Security, Telco, UC, Outsourcing, ERP, Audit & Control markets.

Mocana

Mocana

Mocana provides a software platform that allows you to develop, test and distribute more secure IoT devices and services.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

VerifyMe

VerifyMe

VerifyMe is a global technology solutions company delivering brand protection offerings to mitigate counterfeiting, product diversion, and illicit trade.

Quadron Cybersecurity Services

Quadron Cybersecurity Services

Quadron Cybersecurity Services is a specialist in digital security, data and system protection.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

Appgate

Appgate

Appgate is the secure access company. We empower how people work and connect by providing solutions purpose-built on Zero Trust security principles.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Content+Cloud

Content+Cloud

Content+Cloud is a leading technology services business and Managed Services Provider (MSP) with a genuine passion for helping your organisation to succeed, whatever your ambitions.

X Technologies

X Technologies

X Technologies provide world-class engineering, information technology, information security, program management and repair services to Federal, State and commercial customers.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Strac

Strac

Eliminate Personal Data Risks from your business. Our Dataless SaaS removes the need to manage sensitive data across web, mobile apps, servers and communication channels.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

Buguard

Buguard

Buguard is a multi-award-winning supplier of Application Security Assessments and GRC services.