Iranian officials say a cyberattack has forced the temporary closure of a government system that manages fuel subsidies, making it difficult for many citizens to refuel their cars.
While specific details of the incident remain unclear, Iranian state broadcasters cited an unnamed government official who said malicious cyber activity was responsible for the outages. Oil Ministry officials conducted an “emergency meeting” to resolve the issue, while Associated Press journalists observed long lines of motorists dealing with gas shortages at fuel stations in Tehran.
The “semiofficial” news agency ISNA reported that fuel pumps displayed the message “cyberattack 64411” when customers tried to purchase gas, according to the Associated Press. The same number, 64411, also appeared in a July cyber incident that affected Iranian rail systems, a matter that the security firm Check Point attributed to Indra, a hacking group that identifies itself as an Iranian government resistance group. The 64411 number reportedly belongs to an office of Iran’s Supreme Leader, Ayatollah Ali Khamenei.
After the apparent breach affecting gas services, the same number accompanied a message asking Khamenei where Iranians could locate fuel supplies.
As gas stations around #Iran are out of service, video is circulating showing a sign displayed on a highway asking Khamenei where is our gasoline? This reminds me of the incident in July during the cyberattack on the rail system, directing travelers to call Khamenei's office. https://t.co/XqUoXR9vep
— Jason Brodsky (@JasonMBrodsky) October 26, 2021
Few details about the Indra hacking group were immediately available. Investigators from Check Point, though, determined that Indra’s rail attacks had technical similarities to breaches affecting multiple private companies in Syria, carried out since 2019. Attackers used three different versions of a so-called wiper malware — capable of deleting data to cover its tracks after an infection — called Meteor, Stardust and Comet.
Researchers in July also urged caution about definitive attribution.
“While most attacks against a nation’s sensitive networks are indeed the work of other governments, the truth is that there is no magic shield that prevents a non-state sponsored entity from creating the same kind of havoc, and harming critical infrastructure in order to make a statement,” Check Point said in a blog post at the time.