Iran

Country

Natanz and Fordo Facilities closed down “Automation Network” after New Worm Targeted Iran’s Nuclear Program

July 1, 2010

Two of Iran’s uranium-enrichment plants were struck by a cyberattack earlier this week that shut down computers and blared AC/DC songs, according to reports from Bloomberg News and others. The virus closed down the automation network at the Natanz and Fordow facilities, according to an e-mail received by F-Secure, a Finnish cybersecurity Web site, from Iran’s Atomic Energy Organization.

F-Secure Security Labs said that while it was unable to verify the details of the attack described, it had confirmed that the scientist who reported them was sending and receiving the e-mails from within Iran’s Atomic Energy Organization.


Iranian Petrol Stations Hit by Cyberattack

December 18, 2023

Iran has accused a hacking group with alleged ties to Israel of carrying out a cyber attack that resulted in service disruptions at petrol stations throughout the country on Monday. The Israeli hacker group Gonjeshke Darande or Predatory Sparrow also claimed responsibility for hacking Iran’s gas stations. Iran’s oil minister, Javad Owji, confirmed that a cyberattack was responsible for the widespread disruption of petrol stations nationwide, and that services had been disrupted at about 70% of Iran’s petrol stations.


Iranian Oil Terminals Offline after Malware Attack

April 22, 2022

Iran has been forced to disconnect key oil facilities after suffering a malware attack on Sunday, say reports.

The computer virus is believed to have hit the internal computer systems at Iran’s oil ministry and its national oil company. Equipment on the Kharg island and at other Iranian oil plants has been disconnected from the net as a precaution. Oil production had not been affected by the attack, said the Mehr news agency. However, the attack is believed to have been responsible for knocking offline the websites of the Iranian oil ministry and national oil company.


Cyberattack at Iranian Nuclear Power Plant

October 17, 2022

The Iranian Atomic Energy Organization (AEOI) has confirmed that one of its subsidiaries’ email servers was hacked after the ‘Black Reward’ hacking group published stolen data online. AEOI says an unauthorized party from a specific foreign country, which is not named, stole emails from the hacked server, which consisted of daily correspondence and technical memos. The agency says it immediately took the necessary preventive measures to mitigate the results of this incident and informed all concerned parties and officials to be prepared for potential exploitation attempts.

The hacker group responsible for the attack calls itself ‘Black Reward’ and has leaked some of the stolen data on their Telegram channel. Black Reward posted a 27GB 14-part collection of RAR archives allegedly containing 85,000 email messages characterized as “perfect for researchers.” The hackers’ message is signed “For women, life, freedom,” giving the email server breach and data leak action the character of hacktivism.


Khuzestan Steel among Plants Hit in Cyber Attack; Production Halts

June 27, 2022

Khuzestan Steel Co. (KSC) said the plant had to stop work until further notice “due to technical problems” following “cyberattacks.” The website of the company, one of the major Iranian steel companies, was down on Monday.

Predatory Sparrow (Gonjeshke Darande), a hacktivist group or possibly a nation-state actor, claimed responsibility. The attackers caused the foundry to spew hot molten steel and fire onto the factory floor, but not until workers had already cleared the area, unaware of what was about to happen. The timing of their attack is deliberate.

A video captured during one of these attacks was shared on their social platforms as proof. It already has 200,000 views.

Predatory Sparrow leaked “top secret documents and tens of thousands of emails” and “trading practices” from the steel makers they attacked. Only the hack on KSC resulted in a public acknowledgment of downtime. Not enough details or evidence are available on the MSC and HOSCO attacks.


Cyberattack Leaves Motorists Stranded at Gas Stations in Iran

October 26, 2021

A cyberattack crippled gas stations across Iran, leaving angry motorists stranded in long lines. No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.

It bore similarities to another attack months earlier that seemed to directly challenge Iran’s Supreme Leader Ayatollah Ali Khamenei as the country’s economy buckles under American sanctions. Israeli cybersecurity firm Check Point later attributed the Iran train attack to a group of hackers that called themselves Indra, after the Hindu god of war.


Iran’s Rail Service Delayed with Fake Messages

July 9, 2021

Iran’s railroad system came under cyberattack on July 2, a semi-official news agency reported, with hackers posting fake messages about train delays or cancellations on display boards at stations across the country.
The hackers posted messages such as “long delayed because of cyberattack” or “canceled” on the boards. They also urged passengers to call for information, listing the phone number of the office of the country’s supreme leader, Ayatollah Ali Khamenei. Israeli cybersecurity firm Check Point attributed the train attack to a group of hackers that called themselves Indra, after the Hindu god of war.


Malware Targets Uranium Enrichment Facility

January 1, 2010

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.


Iranian Oil Terminal offline after malware attack

April 22, 2012

Iran has been forced to disconnect key oil facilities after suffering a malware attack on Sunday, say reports. The computer virus is believed to have hit the internal computer systems at Iran’s oil ministry and its national oil company. Equipment on the Kharg island and at other Iranian oil plants has been disconnected from the net as a precaution. Oil production had not been affected by the attack, said the Mehr news agency.

Deletion of data from Iranian oil ministry, facilities last month led to discovery of advanced attack code, says expert.


Malware Shuts Down Milling Factory

January 1, 2010

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.
