[BreachExchange] Iran says cyberattack closes gas stations across country

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Tue Oct 26 11:05:29 EDT 2021


https://www.durangoherald.com/articles/iran-says-cyberattack-closes-gas-stations-across-country/

DUBAI, United Arab Emirates (AP) - Iranian state television says a
cyberattack has targeted gas stations across the Islamic Republic.

The announcement read on air comes after long lines formed at stations in
Tehran and elsewhere Tuesday.

State TV quoted an official with Iran's National Security Council
confirming the attack.

Oil Ministry officials were holding an “emergency meeting” to solve the
technical problem.

No group immediately claimed responsibility for the outage. However,
electronic billboards in one major city also appeared to have been targeted
in the hack.

THIS IS A BREAKING NEWS UPDATE. AP's earlier story follows below.

DUBAI, United Arab Emirates (AP) - Gas stations across Iran on Tuesday
suffered through a widespread outage of a government system managing fuel
subsidies, stopping sales in an incident that one semiofficial news agency
briefly referred to as a cyberattack.

An Iranian state television account online shared images of long lines of
cars waiting to fill up in Tehran. An Associated Press journalist also saw
lines of cars at a Tehran gas station, with the pumps off and the station
closed.

State TV did not explain what the issue was, but said Oil Ministry
officials were holding an “emergency meeting” to solve the technical
problem.

The semiofficial ISNA news agency, which called the incident a cyberattack,
said it saw those trying to buy fuel with a government-issued card through
the machines instead receive a message reading “cyberattack 64411.” Most
Iranians rely on those subsidies to fuel their vehicles, particularly amid
the country's economic problems.

While ISNA didn't acknowledge the number's significance, that number is
associated to a hotline run through the office of Iran's Supreme Leader
Ayatollah Ali Khamenei that handles questions about Islamic law. ISNA later
removed its reports.

Farsi-language satellite channels abroad published videos apparently shot
by drivers in Isfahan, a major Iranian city, showing electronic billboards
there reading: “Khamenei! Where is our gas?” Another said: “Free gas in
Jamaran gas station,” a reference to the home of the late Supreme Leader
Ayatollah Ruhollah Khomeini.

No group immediately claimed responsibility for the outage. However, the
use of the number “64411” mirrored an attack in July targeting Iran's
railroad system that also saw the number displayed. Israeli cybersecurity
firm Check Point later attributed the train attack to a group of hackers
that called themselves Indra, after the Hindu god of war.

Indra previously targeted firms in Syria, where President Bashar Assad has
held onto power through Iran's intervention in his country's grinding war.

Iran has faced a series of cyberattacks, including one that leaked video of
abuses its notorious Evin prison in August.

The country disconnected much of its government infrastructure from the
internet after the Stuxnet computer virus - widely believed to be a joint
U.S.-Israeli creation - disrupted thousands of Iranian centrifuges in the
country's nuclear sites in the late 2000s.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211026/f5170273/attachment.html>


More information about the BreachExchange mailing list