Cybersecurity

Iran Hit by Major Cyberattack Targeting Nation’s Fuel Supply

Critical Infrastructure Security
,
Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime

Cyber Group Dubbed Predatory Sparrow Takes Responsibility for Widespread Attack

Iran Hit by Major Cyberattack Targeting Nation's Fuel Supply
The Predatory Sparrow group has taken credit for an attack on Iranian gas stations on Dec. 18, 2023. (Image: Shutterstock)

Gas stations across Iran abruptly shut down Monday as part of an apparent cyberattack targeting the nation’s fuel supply system.

See Also: Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape

The attack disabled nearly 70% of gas stations across the country, according to reports, as Israeli media and Iranian state TV credited a widespread cyberattack for the disruptions.

A group called Gonjeshke Darande, otherwise known as Predatory Sparrow, claimed responsibility for the service outages online, saying in a series of social media posts that the cyberattack “was conducted in a controlled manner while taking measures to limit potential damage to emergency services.”

The group said it “delivered warnings to emergency services across the country before the operation began” and “ensured a portion of the gas stations across the country were left unharmed for the same reason.”

Predatory Sparrow previously took responsibility for a 2021 cyberattack targeting Iranian gas stations and is linked to attacks on the nation’s steel foundries and railway systems. Experts believe the group may be nation-state-sponsored or operating as part of a military intelligence unit (see: Predatory Sparrow’s Hacks: There’s Smoke, There’s Fire).

No evidence connects Predatory Sparrow to any specific government, although the group’s heavy interest in Iranian critical infrastructure suggests an actor with an antagonistic relationship with Tehran. Israel and Iran have engaged in a series of cyberattacks over the past few years, including an alleged attempted penetration by Iran of an Israeli water facility in 2020.

The New York Times in 2021 attributed the 2021 cyberattack on Iranian gas stations to the Israeli government, citing two U.S. defense officials who spoke on condition of anonymity.

“This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region,” Predatory Sparrow said Monday.

“This group has been one half of a cyber conflict that was going on within Iran and Israel before the most recent violence erupted,” said John Hultquist, chief analyst at threat intelligence firm Mandiant. Iran has attributed Predatory Sparrow to the Israeli government but also to the militantly anti-Tehran group Mujahedin-e-Khalq, otherwise known as MEK, he said in an email.

Iranian hackers in 2022 launched a cyberattack paralyzing online access to Albanian government services using a logo of an eagle attacking a Star of David, an apparent riff on the Predatory Sparrow logo of a cartoon bird. The Albanian attack occurred just days before MEK was to host a two-day conference in the Albanian town of Manëz (see: Albania Cuts Diplomatic Ties With Iran After Cyberattack).

The group emerged from a self-declared hiatus on Oct. 9, stating on social media, “We’re back. We hope you’re following the events in Gaza.” Just days earlier, Hamas – a terrorist group with financial backing from Iran – launched a surprise attack along the Israeli border.

Reports from Iranian semi-official news agency Fars state that gas stations are resuming service throughout by going offline and initiating manual operations. The country has nearly 33,000 gas stations, according to The Associated Press.

During an appearance on Iranian state TV, Oil Minister Javad Owji reportedly blamed the disruptions on a cyberattack, and Iranian President Ebrahim Raisi demanded an investigation into the incident.