Breach Notification , Critical Infrastructure Security , Cybercrime

Cyberattack Reportedly Cripples Iran Gas Stations

Iranian Government Blames Unnamed Foreign Country
Cyberattack Reportedly Cripples Iran Gas Stations
Iran's fuel pumps reportedly displayed the message: "cyberattack 64411." (Image Source: Shutterstock)

A cyberattack on systems that govern fuel subsidies in Iran reportedly hit all fuel stations in the country and left many citizens without fuel on Tuesday. Later, Islamic Republic of Iran Broadcasting announced that about 50% of the stations had resumed working, according to the state-run media Islamic Republic News Agency.

See Also: OnDemand | Password Management: Securing Hybrid Work for the Long Haul

The disruption at the fuel stations, which lasted a few hours, was caused by a cyberattack against the petrol distribution computer system, IRNA said, citing Abul-Hassan Firouzabadi, secretary of the Supreme Council to Regulate Virtual Space in Iran.

Government officials were unable to access the IT systems that enable Iranians to fill their vehicle tanks for free or at subsidized prices using a digital card issued by the authorities, IRNA reported.

The incident affected all 4,300 fuel stations across the country, IRNA cited Firouzabadi as saying. He reportedly added that the "details of the attack and its source are under investigation."

The attack also disrupted the website of the National Iranian Oil Products Distribution Co., according to IRNA. The site remained blocked at the time of writing this report.

A Ministry of Oil spokesperson, however, attributed the disruption to a software glitch, according to Jahan News.

The news outlet later reported that refueling operations had resumed at some of the affected gas stations.

Firouzabadi told IRNA that the attack was "probably" carried out by a foreign country, according to a tweet by BBC journalist Kian Sharifi, which embedded the news broadcast.

Similar Disruption, Same Phone Number

Motorists who are eligible for the fuel subsidy plan were prevented from using the service, according to the IRNA report, which said the fuel pumps displayed a cryptic message: "cyberattack 64411."

The number 64411 is the phone number for the office of Iran's supreme leader, Ali Khamenei. It was seen in a July 2021 attack in Iran that disrupted train services and shut down the website for the Ministry of Roads and Urban Development. The attack programmed screens at train stations to show the number 64411 for travelers to call for more information about the problems (see: Wiper Malware Used in Attack Against Iran's Train System).

Group Claims Responsibility

A group calling itself Predatory Sparrow has claimed responsibility for both the petrol station and railway network attacks, according to screenshots posted by BBC journalist Shayan Sardarizadeh.

The alleged hackers claim to have found a significant vulnerability that could cause long-term damage and said they have reported it to the vendor. They also claim to have sent messages to relevant emergency services in Iran to limit the damage.

Other Cyberattacks

In April, Israeli public media outlet Kan, citing intelligence sources, claimed that an Israeli government cyberattack was responsible for the shutdown of an Iranian nuclear power facility in what Iran describes as an act of "sabotage."

The attack at the Iranian Natanz nuclear site - the same site hit by the Stuxnet worm a decade earlier - damaged centrifuges and affected Iran’s ability to amass the highly enriched uranium needed for a nuclear bomb (see: Iranian Nuclear Site Shut Down by Apparent Cyberattack).


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.