Cyber Attack in Iran Cripples Gas Stations Across the Country
Reading Time: 2 minutes

A cyber attack in Iran cripples gas stations across the country, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime’s ability to distribute gasoline.

Videos and posts are circulated on Twitter with messages, “Khamenei! Where is our gas?”. Ayatollah Ali Khamenei happens to be Iran’s supreme leader. According to APNews, a sign read, “Free gas in Jamaran gas station,” with gas pumps showing the words “cyberattack 64411”

Iran’s Supreme Cyberspace Council, Abolhassan Firouzabadi said the attacks were “probably” state-sponsored, though it was too early to determine which country carried out the intrusions.

No country or group has claimed responsibility for the cyber attack. This is the second time digital billboards have been altered to display similar messaging.

Earlier in July 2021, Iranian Railways and the Ministry of Roads and Urban Development systems were targeted by hackers. They managed to alter the information display system, to alert passengers about train delays and cancellations and urged them to call the phone number 64411 for further information. Ironically the number mentioned was of the office of Ali Khamenei that supposedly handles questions about Islamic law.

The bad actors used “Meteor”, a never-before-seen reusable data-wiping malware.

According to CheckPoint, the train attack was carried out by a  “regime opposition” threat actor that self-identifies as “Indra“.  The bad actors seem to have ties with other hacktivism and cybercriminal groups, in addition to linking the malware to prior attacks targeting Syrian petroleum companies in early 2020.

The Indra group’s official Twitter account bio mentioned, “Aiming to bring a stop to the horrors of [Quds Force] and its murderous proxies in the region.”

Check Point in July said, “While most attacks against a nation’s sensitive networks are indeed the work of other governments, the truth is that there is no magic shield that prevents a non-state sponsored entity from creating the same kind of havoc, and harming critical infrastructure in order to make a statement.” 

Related Articles:

BillQuick Billing Software Exploited by Hackers to Deploy Ransomware
Hackers Steal Browser Cookies to Hijack High-Profile YouTube Accounts
Microsoft – New Security Flaw Affecting Surface Pro 3 Devices