cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Cyber attack shuts down Iranian petrol stations, threat actors unknown

A cyber attack shut down the nation’s petrol pumps in an incident similar to July's transport hacks, with the internet abound with rumours over the source.

user iconReporter
Thu, 28 Oct 2021
Cyber attack shuts down Iranian petrol stations, threat actors unknown
expand image

On Wednesday this week, Iranian state media confirmed that an alleged cyber attack shut down the nation’s civilian petrol stations.

Media outlet Jerusalem Post quoted state broadcaster IRIB noting that, “the disruption at the refueling [sic] system of gas stations ... in the past few hours, was caused by a cyber attack ... Technical experts are fixing the problem and soon the refueling [sic] process ... will return to normal.”

However, not all state media commentators agreed on the source. IRIB commentators were further quoted suggesting that the shutdown was as a result of a software glitch.


Forbes further reported that an Iranian official asked Iranians to disregard rumour mongering, while a source “close to the Supreme National Security Council confirmed that a cyber attack was to blame”.

While still early, reports have indicated that those suffering attacks are government-issued petrol card holders.

During the attack, petrol bowsers displayed the slogan “cyber attack 64411”, a reference to the Iranian government’s phone number that answers queries regarding Islamic Law.

It is unknown what groups were responsible for the incident.

Analysts were quick to point out that the hack resembled a series of attacks in July this year, where cyber actors breached the country’s train system and posted the same 64411 phone number. The threat actors took the transport ministry’s website down shortly after.

The story of the cyber incident comes as cyber security company Proofpoint uncovered attempts from groups allegedly connected to the Islamic Revolutionary Guard Corps to "honeypot" defence and aerospace contractors.

A multi-year campaign by an Iranian hacking group considered to be linked to the Islamic Revolutionary Guard Corps (IRGC) to hack the computer of a defence contractor was uncovered by cyber security company Proofpoint in July.

Carefully crafting the character Marcela (Marcy) Flores, the hackers added their target as a friend on Facebook in late 2019 before kickstarting their online friendship by exchanging messages in November of the following year. The cyber criminals finally struck in June 2021, attempting to infect the target's computer with malware via an email.

The target works as a defence contractor in the aerospace industry in the US.

According to the carefully crafted profile, Flores was an aerobics instructor at the Harbour Health Club in Liverpool, UK, and graduated from the University of Liverpool in 2012.

[Related: Iranian hackers pose as female to honeypot defence contractor]

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.