Predatory Sparrow, a hacktivist group that is little known, took credit for the hacking that halted Iran’s steel industry.
One of Iran’s largest steel companies, Khuzestan Steel Company, was hit by a massive cyber attack on Tuesday, bringing the industry to a grinding halt.
It is unknown what the full extent of the impact could be on Iran’s economy, and even military or nuclear industries, as Tehran prepares to return to nuclear talks with the world powers.
The hacktivist group Predatory Sparrow, which is still little known and took credit for a major October 2021 hack of the country’s gas stations, took credit for the attack.
Tel Aviv University cyber expert Omri Wechsler said that the hack was noteworthy because the nature of the large industrial systems in play would likely have required intelligence penetration of the facilities, potentially also physically.
In this case, there could be some connection between Predatory Sparrow, or whoever else might have carried out the hack, and a nation-state with a powerful intelligence agency, such as the Mossad.
Check Point has speculated that some anti-Iran hacktivist groups may get assistance from nation-states, and besides Israel, the Islamic Republic could also be under cyber attack by the US, the Saudis, the UAE and others with significant cyber capabilities.
That said, groups other than the Mossad, including Indra, a group of anti-regime Iranian dissidents, have been responsible for other major attacks.
Previous large cyberattacks
On October 26, 2021, there was a sudden outage at every single one of Iran’s 4,300 gas stations nationwide.
The cyberattack shut down a networked system that allowed Iranians across the country holding government-issued cards to buy fuel at subsidized prices.
Instead of purchasing their subsidized gas, card users who tried to do so were sent the message “cyberattack 64411.” This was the phone number for the hotline run by Iran Supreme Leader Ayatollah Ali Khamenei’s office.
Predatory Sparrow said it carried out the hack in response “to the cyber actions by Tehran’s terrorist regime against the people in the region and around the world,” in a Telegram post.
“We are still unable to say forensically, but analytically I believe it was carried out by the Zionist regime, the Americans and their agents.”
Head of Iran’s Civil Defense Organization Brigadier General Gholamreza Jalali
This analysis is boosted by evidence that the hack had multiple goals beyond the tensions it created between the regime and the public.
Iranian officials say that the hackers may have accessed data on Iran’s global oil sales. Put differently, the cyber attackers may have seized a closely held state secret about exactly how Iran evades international sanctions.
This crucial data is saved on the ministry’s computer servers, a system that is air-gapped, meaning it is not connected to the internet. So Iran was suspicious not only that Israel was the hacker, but that it had assets inside the Oil Ministry.