Cyberattack Reportedly Cripples Iran Gas Stations
Iranian Government Blames Unnamed Foreign Country
A cyberattack on systems that govern fuel subsidies in Iran reportedly hit all fuel stations in the country and left many citizens without fuel on Tuesday. Later, Islamic Republic of Iran Broadcasting announced that about 50% of the stations had resumed working, according to the state-run media Islamic Republic News Agency.
The disruption at the fuel stations, which lasted a few hours, was caused by a cyberattack against the petrol distribution computer system, IRNA said, citing Abul-Hassan Firouzabadi, secretary of the Supreme Council to Regulate Virtual Space in Iran.
Government officials were unable to access the IT systems that enable Iranians to fill their vehicle tanks for free or at subsidized prices using a digital card issued by the authorities, IRNA reported.
The incident affected all 4,300 fuel stations across the country, IRNA cited Firouzabadi as saying. He reportedly added that the "details of the attack and its source are under investigation."
The attack also disrupted the website of the National Iranian Oil Products Distribution Co., according to IRNA. The site remained blocked at the time of writing this report.
A Ministry of Oil spokesperson, however, attributed the disruption to a software glitch, according to Jahan News.
The news outlet later reported that refueling operations had resumed at some of the affected gas stations.
Firouzabadi told IRNA that the attack was "probably" carried out by a foreign country, according to a tweet by BBC journalist Kian Sharifi, which embedded the news broadcast.
Similar Disruption, Same Phone Number
Motorists who are eligible for the fuel subsidy plan were prevented from using the service, according to the IRNA report, which said the fuel pumps displayed a cryptic message: "cyberattack 64411."
The number 64411 is the phone number for the office of Iran's supreme leader, Ali Khamenei. It was seen in a July 2021 attack in Iran that disrupted train services and shut down the website for the Ministry of Roads and Urban Development. The attack programmed screens at train stations to show the number 64411 for travelers to call for more information about the problems (see: Wiper Malware Used in Attack Against Iran's Train System).
Group Claims Responsibility
A group calling itself Predatory Sparrow has claimed responsibility for both the petrol station and railway network attacks, according to screenshots posted by BBC journalist Shayan Sardarizadeh.
"A group calling itself "predatory sparrow" has claimed today's nationwide cyber-attack on Iran's petrol stations, also claiming responsibility for a similar attack on Iran's railway network earlier this year. The claims are unconfirmed and must be treated with caution." - Shayan Sardarizadeh (@Shayan86), October 26, 2021
The alleged hackers claim to have found a significant vulnerability that could cause long-term damage and said they have reported it to the vendor. They also claim to have sent messages to relevant emergency services in Iran to limit the damage.
In April, Israeli public media outlet Kan, citing intelligence sources, claimed that an Israeli government cyberattack was responsible for the shutdown of an Iranian nuclear power facility in what Iran describes as an act of "sabotage."
The attack at the Iranian Natanz nuclear site - the same site hit by the Stuxnet worm a decade earlier - damaged centrifuges and affected Iran’s ability to amass the highly enriched uranium needed for a nuclear bomb (see: Iranian Nuclear Site Shut Down by Apparent Cyberattack).