Iran

June 27, 2022: Khuzestan Steel Hit in Cyber Attack; Production Halts

One of Iran’s major steel companies was forced to halt production Monday after being hit by a cyberattack.
The Iranian government did not acknowledge the disruption or blame any specific group for the assault on the state-owned Khuzestan Steel Co., which constitutes the latest example of an attack crippling the country’s services in recent months amid heightened tensions in the region, according to a report from The Associated Press.
A little-known hacking group claimed responsibility for the attack on social media, saying it targeted Iran’s three biggest steel companies because of their links to Iran’s paramilitary Revolutionary Guard and volunteer Basij militia.

October 26, 2021: Cyberattack Leaves Motorists Stranded At Gas Stations in Iran

A cyberattack crippled gas stations across Iran, leaving angry motorists stranded in long lines. No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.

It bore similarities to another attack months earlier that seemed to directly challenge Iran's Supreme Leader Ayatollah Ali Khamenei as the country's economy buckles under American sanctions. Israeli cybersecurity firm Check Point later attributed the Iran train attack to a group of hackers that called themselves Indra, after the Hindu god of war.

July 2, 2021: Iran’s Rail Service Delayed with Fake Messages

Iran's railroad system came under cyberattack on July 2, a semi-official news agency reported, with hackers posting fake messages about train delays or cancellations on display boards at stations across the country.
The hackers posted messages such as “long delayed because of cyberattack” or “canceled” on the boards. They also urged passengers to call for information, listing the phone number of the office of the country’s supreme leader, Ayatollah Ali Khamenei. Israeli cybersecurity firm Check Point attributed the train attack to a group of hackers that called themselves Indra, after the Hindu god of war.

January 1, 2010: Malware Targets Uranium Enrichment Facility

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

January 1, 2012: Iranian Oil Terminal offline after malware attack


January 1, 2010: Malware Shuts Down Milling Factory


March 18, 2010: Malware Targets Uranium Enrichment Facility

Stuxnet reportedly compromised Iranian PLCs, collecting information on the industrial systems and then downloading a configuration to the controllers that caused the fast-spinning uranium-enriching centrifuges to tear themselves apart. Stuxnet has three major components: a worm module, a link file and a rootkit module. The worm propagates across the network, scanning for Siemens Step7 software on computers controlling a PLC. In the absence of either criterion, Stuxnet becomes dormant inside the computer. If both conditions are fulfilled, Stuxnet introduces the infected rootkit onto the PLC and Step7 software, modifying the code and giving unexpected commands to the PLC while returning a loop of normal operating values back to the users. Iranian sources confirmed that the Stuxnet worm shut down uranium enrichment at Natanz for a week from Nov. 16 to 22, 2010.

May 9, 2020: Shahid Rajaee Port Terminal Maritime Attack

“Computers that regulate the flow of vessels, trucks and goods all crashed at once, creating massive backups on waterways and roads leading to the facility,” the Post reported, adding that it had seen satellite photos showing miles-long traffic jams leading to the port and ships still waiting to offload several days later.
