Iran Steel Plants ‘Hit By Cyber-Attack’

One of Iran’s three state-owned steel-producing companies said it was forced to halt production after hit by a cyber-attack that also targeted the other two firms, as security experts said the claims were difficult to verify.

The Iranian government did not acknowledge the reported attacks or blame any specific group for the attacks on the three steel producers amidst heightened regional tensions.

A group calling itself “Gonjeshke Darande”, or Predatory Sparrow in Persian, claimed responsibility for the attacks on Telegram and reportedly released what it said was closed-circuit the factor floor of Khuzestan Steel, one of the three companies, in which a piece of heavy machinery on a production line malfunctions and causes a massive fire.

‘Aggression’

The group said it carried out the attack in response to the “aggression of the Islamic Republic”, Associated Press reported.

“These companies are subject to international sanctions and continue their operations despite the restrictions,” the group said, according to several reports.

The same group took credit for an attack in October 2021 on Iran’s petrol stations.

Brigadier General Gholamreza Jalali, head of Iran’s Civil Defence Organisation, at the time blamed the petrol station attack on “the Zionist regime, the Americans and their agents”, while acknowledging that the body was “unable to say forensically” who might have carried it out.

Production halt

Khuzestan Steel said its factory had to stop work until further notice “due to technical problems” following “cyberattacks”.

The company’s website and that of Mobarakeh Steel were unavailable on Monday, while the website of the National Iranian Steel Company (NISCO), the country’s third steel producer, was operating.

All three are owned by Iranian Mines & Mining Industries Development & Renovation, or IMIDRO, a state-owned holding company.

Mobarakeh Steel, the largest steel producer in the region, said its factory in Mobarakeh was also affected and the state-run Iran newspaper reportedly said a third factory in Bandar Abbas was also targeted, although neither plant acknowledged damage or disruption.

Competing claims

But Khuzestan Steel chief executive Amin Ebrahimi said the company had fended off the attack and prevented damage to production.

The Mehr news agency quoted him as saying the attack was “unsuccessful”.

Computer security firm Mandiant said attacks on operational technology (OT) are very difficult to carry out and that as a result the claims should be assessed carefully.

John Hultquist, vice president of Mandiant Intelligence, said that the video screenshot provided could have been obtained through read-only access and doesn’t necessarily indicate an intrusion into an operational system.

Disruption

He added that the attackers may be satisfied with giving the impression that an attack occurred.

“In some respects, it doesn’t really matter if this was a cyberattack or not. The evidence that was provided by the alleged attacker may be sufficient to convince many that a cyber attack occurred, serving the attacker‘s purposes,” Hultquist said.

Iran disconnected much of its government infrastructure from the internet after the Stuxnet computer virus — widely considered a joint US-Israel project — disrupted thousands of centrifuges used in the country’s nuclear sites in the late 2000s.