A cyber attack shut down the nation’s petrol pumps in an incident similar to July's transport hacks, with the internet abound with rumours over the source.
On Wednesday this week, Iranian state media confirmed that an alleged cyber attack shut down the nation’s civilian petrol stations.
Media outlet Jerusalem Post quoted state broadcaster IRIB noting that, “the disruption at the refueling [sic] system of gas stations ... in the past few hours, was caused by a cyber attack ... Technical experts are fixing the problem and soon the refueling [sic] process ... will return to normal.”
However, not all state media commentators agreed on the source. IRIB commentators were further quoted suggesting that the shutdown was as a result of a software glitch.
Forbes further reported that an Iranian official asked Iranians to disregard rumour mongering, while a source “close to the Supreme National Security Council confirmed that a cyber attack was to blame”.
While still early, reports have indicated that those suffering attacks are government-issued petrol card holders.
During the attack, petrol bowsers displayed the slogan “cyber attack 64411”, a reference to the Iranian government’s phone number that answers queries regarding Islamic Law.
Iranian petrol stations have been targeted by a nationwide cyber-attack, with digital screens displaying the message "64411" at pumps. Some billboards have been caught on video display the messaging: "Khamenei, where is our petrol?"pic.twitter.com/Ql8vofFbAF— Shayan Sardarizadeh (@Shayan86) October 26, 2021
It is unknown what groups were responsible for the incident.
Analysts were quick to point out that the hack resembled a series of attacks in July this year, where cyber actors breached the country’s train system and posted the same 64411 phone number. The threat actors took the transport ministry’s website down shortly after.
A phone number--64411--was displayed on boards of train stations today in #Iran amid the reported cyberattack on the rail system. It directed commuters there to call for more information. It matched the number to #Iran's Supreme Leader's Office that is displayed on his website. pic.twitter.com/IQQ85I6QhJ— Iran International English (@IranIntl_En) July 9, 2021
The story of the cyber incident comes as cyber security company Proofpoint uncovered attempts from groups allegedly connected to the Islamic Revolutionary Guard Corps to "honeypot" defence and aerospace contractors.
A multi-year campaign by an Iranian hacking group considered to be linked to the Islamic Revolutionary Guard Corps (IRGC) to hack the computer of a defence contractor was uncovered by cyber security company Proofpoint in July.
Carefully crafting the character Marcela (Marcy) Flores, the hackers added their target as a friend on Facebook in late 2019 before kickstarting their online friendship by exchanging messages in November of the following year. The cyber criminals finally struck in June 2021, attempting to infect the target's computer with malware via an email.
The target works as a defence contractor in the aerospace industry in the US.
According to the carefully crafted profile, Flores was an aerobics instructor at the Harbour Health Club in Liverpool, UK, and graduated from the University of Liverpool in 2012.