Hacktivists reportedly disrupted services at about 70 percent of Iran’s gas stations in a politically motivated cyberattack.
Iran’s oil minister Javad Owji confirmed on Monday the IT systems of the nation’s petrol stations had been attacked as Iranian media told of long queues at the pumps and traffic jams – particularly in Tehran – as folks tried and failed to fill up.
A spokesperson for the country’s gas stations told the Fars News Agency insisted there was no fuel shortage, just an inability to pump that fuel.
“A software problem with the fuel system has been confirmed in some stations across the country and experts are currently fixing the issue,” Reza Navar claimed.
Meanwhile, a group called Gonjeshke Darande – or Predatory Sparrow – claimed responsibility for taking out the gas pumps. This comes during a period of high tension in the Middle East stemming from the Israel-Hamas conflict over Gaza.
“This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region,” the crew declared in its Telegram channel. “A month ago we warned you that we’re back and that we will impose cost for your provocations. This is just a taste of what we have in store.”
Iran has accused the gang, which has also carried out cyberattacks on Iranian railway systems and a steel plant, of having ties to Israel.
After the digital intrusion into the Iranian steel plant’s network in July 2022, which also caused a serious fire, Itay Cohen, head of cyber research at Check Point Software, told the BBC that “given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state” – contrary to the crew’s claim to be simple hacktivists.
Predatory Sparrow also bragged about the Iran gas station shutdown on Twitter, and said as with their “previous operations, this cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services.
“We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation.”
The cyberassault comes as pro-Hamas crews linked to Iran have increased their digital disruptions on Israeli and American targets – including targeting water facilities in both countries.
Also on Monday, the Israel National Cyber Directorate blamed Iran and Hezbollah for a cyberattack last month against Safed’s Ziv Medical Center.
“The investigation brought to light that the cyber attack group, known as AGRIUS and affiliated with the Iranian Ministry of Intelligence, attempted in late November 2023 to carry out a cyber attack on Ziv Hospital in northern Israel, with the aim of disrupting its ongoing functions amid the ‘Iron Swords’ war,” the National Cyber Directorate alleged in a statement.
“The attack was executed by the Iranian Ministry of Intelligence with the involvement of Hezbollah’s ‘Lebanese Cedar’ cyber units under the leadership of Mohammad Ali Merhi,” it added.
While the group failed to disrupt operations and halt medical treatment, the intruders did steal private data from the hospital’s systems, according to the Israeli government. ®