Iran Blames Nation State For Cyberattack on Petrol Stations

Iran has blamed a foreign nation state for being responsible for a cyberattack that paralysed its petrol distribution network this week.

The BBC reported that the threat actor, which called itself ‘Predatory Sparrow’, claimed responsibility for carrying out the hack. However Iran’s top internet policy-making body has reportedly blamed an unnamed ‘state actor’.

The cyberattack, the BBC reported, apparently hit an intranet-based system that lets motorists buy subsidised fuel with government-issued smart cards. The attack caused long queues at petrol stations.

Petrol hack

The BBC also reported the hackers also hijacked digital billboards on motorways in the capital city of Tehran and elsewhere.

The attackers made the billboards display a message saying: “[Supreme Leader Ayatollah Ali] Khamenei, where is our fuel?”

And the impact of the petrol distribution cyberattack is reportedly being felt across the nation.

The BBC reported that only 5 percent of the country’s 4,300 petrol stations had been reconnected by Wednesday morning, citing a spokeswoman for the National Iranian Oil Products Distribution Company (NIOPDC) who reportedly told state media.

However, almost 3,000 were able to sell fuel “offline” at the unsubsidised price, she added.

Nation state?

Iran’s economy has of course suffered extensively due to US sanctions, coupled with government mismanagement and corruption the BBC reported, adding that most people in the country depend on subsidised fuel.

“Some are aiming to stoke public anger by creating chaos and disrupting people’s lives,” President Ebrahim Raisi reportedly told a cabinet meeting on Wednesday.

The president also claimed that “vigilance” by Iranian authorities had prevented the hackers from taking advantage of the situation.

The secretary of the Supreme Council of Cyberspace, Abolhassan Firuzabadi, said the attack was carried out by a foreign country, but that it was “too early to announce by which country and in which way it was done.”

A BBC journalist posted on Twitter, a post on Telegram from Predatory Sparrow, which said that the hack was a “response to the cyber actions by Tehran’s terrorist regime against the people in the region and around the world”.

It reportedly added that it had warned Iran’s emergency services personnel in advance and had chosen not to exploit a vulnerability that would have caused “very long-term damage”.

The group also announced that it was behind a cyberattack on Iran’s rail network in July, which caused message boards at stations to incorrectly show trains as delayed or cancelled.

Previous attacks

Iran has been hit by multiple cyberattacks over the past decade.

The most famous of which was Stuxnet, which was thought to have been created by both Israel and the United States.

It was discovered in 2010 when it was used to attack a uranium enrichment facility at Iran’s Natanz nuclear site.

But other attacks have also taken place. In August 2016 Iranian officials said the country had taken ‘necessary defensive measures’ after malware was discovered at two of its petrochemical plants.

Then in November 2018, Iran said an attempted cyberattack had threatened to disrupt its telecommunications network. That came after it had discovered a new version of the Stuxnet malware targeting its nuclear infrastructure.

Iran has sought to ramp up its cyber defences.

In May 2019 the country claimed it had developed a firewall that would protect its critical infrastructure from cyberattacks, including the infamous Stuxnet malware.

But that didn’t stop the the United States allegedly carried out a secret cyberattack on Iran in October 2019, following an attack on Saudi Arabia’s oil facilities on 14 September.

Then in December 2019 an Iranian government minister claimed the country has fended off a second cyberattack against it, in less than a week. That cyberattack was apparently targetting electronic systems of the Iranian government.

In July 2020 Iranian officials said a fire at the country’s Natanz nuclear facility may have been caused by a cyberattack. The Atomic Energy Organisation of Iran (AEOI) said the fire occurred on at the plant, which US intelligence analysts identified as a new centrifuge assembly workshop.

In August 2021 the sources within the British Government said the Prime Minister Boris Johnston was considering a range of responses to the killing of a British national, including a possible cyber response.

It came after the crew onboard the Israel-owned tanker Mercer Street heard the noise of a flying drone followed by explosions, as a hole was blasted through the top of the vessel. The drone (allegedly from Iran) was packed with explosives that detonated on impact.

The explosion killed an unnamed British security guard and a Romanian sailor.