Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention
Iranian officials say a cyberattack has forced the temporary closure of a government system that manages fuel subsidies, rendering it difficult for many citizens to refuel their cars.
While specific details of the incident remain unclear, Iranian state broadcasters cited an unnamed government official who said malicious cyber activity was responsible for the outages. Oil Ministry officials conducted an “emergency meeting” to resolve the issue, while Associated Press journalists observed long lines of motorists dealing with gas shortages at fuel stations in Tehran.
The “semiofficial” news agency ISNA reported that fuel pumps would state the message “cyberattack 64411” upon trying to purchase gas, the Associated Press reported. The same number, 64411, also appeared in a July cyber incident that affected Iranian rail systems, a matter that the security firm Check Point attributed to Indra, a hacking group that identifies itself as an Iranian government resistance group. The 64411 number reportedly belongs to an office of Iran’s Supreme Leader, Ayatollah Ali Khamenei.
After the apparent breach affecting gas services, the same number accompanied a message asking Khamenei where Iranians could locate fuel supplies.
Few details about the Indra hacking group were immediately available. Investigators from Check Point, though, determined that Indra’s rail attacks had technical similarities to breaches affecting multiple private companies in Syria, carried out since 2019. Attackers used three different versions of a so-called wiper malware — capable of deleting data to cover its tracks after an infection — called Meteor, Stardust and Comet.
Researchers in July also urged caution about definitive attribution.
“While most attacks against a nation’s sensitive networks are indeed the work of other governments, the truth is that there is no magic shield that prevents a non-state sponsored entity from creating the same kind of havoc, and harming critical infrastructure in order to make a statement,” Check Point said in a blog post at the time.
