Friday , 19 July 2024

Hacking Group ‘Predatory Sparrow’ Takes Down Steel Plants in Iran

Iranwire – On Monday two large Iranian steel firms, Mobarakeh Steel Company in Isfahan and Khuzestan Steel Industries, were reported to have been the target of large-scale cyberattacks. So severe was the impact on the latter that its production line temporarily ground to a halt.

A hacktivist group calling itself Predatory Sparrow – an inverted echo of Iranian state-backed cyber-crime outfit Charming Kitten – then posted a video online claiming responsibility for the attacks. “Today,” the accompanying message read, “Iran’s steel industry is affiliated with the IRGC and Basij. These companies continue to operate despite international sanctions against them.”

The group said it had also targeted a company in Hormozgan, adding: “These operations were carried out with extreme care to prevent any harm to innocent people.”

The same consortium of hackers also claimed responsibility for a cyberattack on gas stations in Iran last October, which brought down the fuel card system at gas stations across the country for days on end.

A Threat Faced Down – or Narrowly Avoided?

The Iranian National Cyberspace Center’s public relations office confirmed the attacks on Monday, blaming them on “foreign enemies”. The statement added: “Security systems quickly took action to contain and repel the effects.”

The CEO of Khuzestan Steel Company, Amin Ebrahimi, also told the official news agency IRNA that in-house teams had been able to thwart the attack before it did any damage. “At 5.15am this morning some of Khuzestan Steel Company’s systems were attacked,” he said, “but with timely action and vigilance, the attack failed and no damage was done to the production line. The line is already active and the brief disruption to the company’s website, information channels and SMS systems is being resolved.”

In fact, the attack is understood to have taken place between midnight on Sunday and 6am Tehran time on the Monday. Both Mobarakeh and Khuzestan Steel’s websites went offline and were still down at the time this report was being compiled on Tuesday.  

Sources within those two companies also told IranWire that the only reason no serious damage was done to their production line was that they are currently switched off at night, due to restrictions on the electricity supply. A source within Khuzestan Steel told IranWire on Tuesday their line was still down and would likely take two days to get up and running again.

“Due to constraints on power and the state of repair,” they said, “the systems were inactive at the time of the attack, so they weren’t as damaged as they might have been… but the production line is currently completely closed.”

“Since Monday morning all ICT personnel have been redeployed to deal with the problems that have arisen. The cyberattack affected two areas: production and the security system. They even gained access to the Telegram channel.”

A Mobarakeh employee told IranWire the attack on their firm had come through the company’s main server. “The only reason it didn’t cause physical damage to the production line was the constraints on [the company’s] electricity usage,” they said. “That’s one of the main reasons the machinery stops running overnight.”