Cyber war: Israel’s hackers take out Iran’s petrol stations

Cyber war: Israel's hackers take out Iran's petrol stations
Cyber war: Israel's hackers take out Iran's petrol stations

‘Iran and Israel are in a full-scale cyber war, it’s just not visible,’ said one cybersecurity investigator.

A prolific “hacktivist” group with links to Israel has claimed responsibility for a sophisticated cyberattack that shut down most petrol stations in Iran on Monday, as analysts warned hostilities between the longtime enemies are likely to escalate.

Iran’s Oil Minister, Javad Owji, said that the attack had taken out around 70 per cent of stations across the country. Disruptions were ongoing late on Monday, according to Iranian state media.

The National Iranian Oil Products Distribution Company said pumps were affected by a “technical problem” caused by a “conspiracy of enemies”, without naming a suspect.

The attack was claimed by a group named Gonjeshke Darande or “Predatory Sparrow” which said on its social media channels: “This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region.”

“Khamenei, playing with fire has a price”, the group added, referring to Iran’s Supreme Leader Ayatollah Khamenei. “We will impose cost for your provocations. This is just a taste of what we have in store.”

Predatory Sparrow has previously claimed a string of attacks on infrastructure in Iran, including another attack on gas stations in 2021, and the sabotage of a steel plant last year.

Israeli TV stations reported the involvement of Israel’s military intelligence in the steel plant attack, leading to an investigation ordered by defence minister at the time, Benny Gantz, over concerns that Israel’s “ambiguity policy” had been violated.

Israel has a policy not to declare involvement in attacks against Iran, which extends to airstrikes against Iran and its allies in Syria, sabotages of military facilities in Iran, as well as cyberattacks such as the Stuxnet virus used to target Iran’s nuclear programme, widely attributed to an Israel-US collaboration.

Israeli media typically refer to the Predatory Sparrow group as either Israeli or “Israel-linked”. Israel’s government declined to comment on the cyberattack on Monday.

Gil Messing, chief of staff at US-Israel cybersecurity firm Checkpoint Software, said the group displays “nation state capabilities” in their attacks. The firm found that a previous attack claimed by Predatory Sparrow used “malicious tools that heavily rely on internal knowledge.”

Iran has allegedly launched a series of cyberattacks against Israel in recent years, including a failed attempt to interfere with the water supply in 2021. Israel accused Iran of responsibility for a cyberattack on a hospital in which records were stolen earlier this month.

A cybersecurity investigator at a leading international firm, speaking anonymously, told i that “Iran and Israel are in a full-scale cyber war, it’s just not visible.”

The investigator said the sophistication of the attack suggested that it was “state sponsored”. Iran’s petrol stations may have have been an easier target as they rely on decade-old IT systems that are vulnerable to hacking, they said, but hackers on both sides are also targeting more criticial government and military infrastructure.

Ali Vaez, Iran project director at Crisis Group, predicted that attacks would escalate.

“Even when tensions between Iran and Israel were not at a boiling point, the two regularly engaged in cyber warfare against one another,” he said. “Now, with Israel itching to get back at Iran for its complicity in the horrible 7 October attack through supporting Hamas, these tit-for-tats are bound to intensify.”

“But neither cyber attacks nor other covert operations have deterred either side,” he added.

Tensions between the countries have been further heightened by attacks on Israel from Iran’s allies Hezbollah in Lebanon and the Houthis in Yemen, part of the so-called “Axis of Resistance” along with Hamas in Gaza.

A former UK Foreign Office official based in the Middle East described the cyberattack as “messaging” from Israel.

“Because of what Iran is doing around Israel at the moment with the Axis of Resistance attacks, they feel they need to respond,” the source said. “The message is: look, we can take out the lights in Tehran… and if you carry on we will do something more damaging.”

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here