Iran confirms nationwide cyberattack on gas stations

Jason Macuray
A cyberattack has disrupted the operation of gas stations throughout Iran, authorities confirmed on Monday.

A cyberattack has disrupted the operation of gas stations throughout Iran, authorities confirmed on Monday.

According to Iran’s oil minister, Javad Owji, “outside interference” took out about 70% of gas stations nationwide. He told local media that about 1,650 stations remain operational, while others are forced to operate their pumps manually. According to various media reports, Iran has around 33,000 gas stations.

Iranian authorities blamed the attack on Israel and the U.S. Tensions between Tel Aviv and Tehran are already high due to the ongoing war between Israel and the Palestinian militant group Hamas, which is reportedly supported by Iran.

The attack on Iran also coincided with the arrival of U.S. Defense Secretary Lloyd Austin in Israel, following a drone attack by an Iran-backed group that posed a threat to commercial and U.S. Navy ships in the Red Sea.

An Israel-linked hacking group called Predatory Sparrow claimed responsibility for the cyberattack on Iran’s gas stations on Monday, saying that it was a retaliation for the aggression of Iran and its allies in the region.

“A month ago we warned you that we’re back and that we will impose cost for your provocations. This is just a taste of what we have in store,” the hackers said.

The group claimed that it breached the central servers of gas stations, gaining access to specific station information, payment system details, and management systems.

Iranian authorities did not comment on these claims, and they have also not publicly confirmed whether any information was accessed during the attack.

Israeli media reported that the Predatory Sparrow hackers are believed to be linked to Israeli military intelligence. The hackers previously claimed responsibility for cyberattacks on the Iranian state-owned steel company and fuel distribution system, both of which were successful.

The group said in a statement on Telegram that, similar to its previous operations, the latest attack on Iran “was conducted in a controlled manner” to limit potential damage to emergency services.

“We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed… despite our access and capability to completely disrupt their operation,” the hackers said.

The Israel Cyber Directorate didn’t comment on Predatory Sparrow’s recent operation, but on the same day as the attack it issued a statement blaming Iran for an attempted cyberattack on a hospital in Israel in late November.

The agency claimed that the attack on Ziv Medical Center was carried out by the hacker group known as Agrius, affiliated with Iranian intelligence. The attack was “aimed at disrupting the hospital’s operations but ultimately failed,” the statement said.

During this operation, the hacker group linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers. Israeli cyber authorities confirmed that the attackers managed to extract some private data stored in the hospital’s systems but didn’t mention what kind of data it was.

In recent months, there have been more public reports on Iran’s cyberattacks against Israel than there have been about Israeli attacks targeting Iran.

In October, an Iranian state-backed hacker group was caught spying on the government, military, and telecom sectors in the Middle East, including Israel. In November, researchers reported that Iranian Imperial Kitten hackers targeted organizations in Israel’s transportation, logistics, and technology sectors, while two other groups were observed deploying new destructive malware against organizations in Israel.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk
is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Cars have become computers on wheels — and police have easy access to their data

Next Post

Apparel giant VF reports cyberattack on first day of SEC disclosure rule

Related Posts

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
Read More