Cyber Group With Reported Links To Israel Cripples Iran’s Gas Stations

File photo of congestion at a gas station in Iran
File photo of congestion at a gas station in Iran

The cyberattack that crippled gas stations across Iran on Monday was claimed by a hacking group that Iran has previously accused of having links to Israel.

The hacking group "Gonjeshk-e-Darande" or Predatory Sparrow announced the attack on X, claiming that they took out “a majority of the gas pumps throughout Iran.” Tehran cites a “software problem" as the cause behind the nationwide shutdown and says about 90 percent of the stations will be back on track by the end of the day.

Oil Minister Javad Owji earlier told Iranian state TV that services had been disrupted at about 70% of Iran's petrol stations and that outside interference was a possible cause. Reza Navar, spokesperson for Iran’s petrol stations association, said 60 percent were out.

Iran’s Oil Minister Javad Owji visiting a gas station in Tehran amid a cyberattack on December 18, 2023
Iran’s Oil Minister Javad Owji visiting a gas station in Tehran amid a cyberattack on December 18, 2023

The hacking group, whose nom de guerre is a wordplay in reaction to Iranian state-backed cyber-crime outfit Charming Kitten, said in statements in Persian and English that “the cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region.” They added, “We will impose cost for your provocations. This is just a taste of what we have in store.”

Addressing Iran’s Supreme Leader, the group said, “Khamenei, playing with fire has a price.”

The attack comes as Iran’s proxies like Hezbollah in Lebanon and the Houthis in Yemen have stepped up attacks against Israeli and US targets on the backdrop of the war in Gaza. Hamas declared war on Israel on October 7 after its militia invaded by air, land and sea, killing 1,200 mostly civilians and taking 240 captives. Iran supports Hamas but says it did not play any role in the Islamist militants' October 7 terror attack.

As measures “to limit potential damage to emergency services,” the hacking group said it “delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation.”

The group rose to prominence as a hacktivist two years ago for a similar cyberattack on fuel distribution centers across Iran on the eve of the second anniversary of the bloody suppression of the November 2019 protests. In a separate incident, they claimed responsibility for hacking the state railway company.

Last year, the group garnered attention for successfully penetrating the computer systems of major steel companies in Iran. They went on to share videos and images showcasing their hacking prowess and operation. At the time Israeli military correspondents, who are regularly briefed off-the-record by senior Israeli officials, hinted that Israel was behind that hack, according to the Times of Israel.

Iran has a history of cyber incidents, with one of the most notable being the Stuxnet computer virus, believed to have been developed by the United States and Israel. The Stuxnet virus, discovered in 2010, was used to attack an Iranian uranium enrichment facility, marking the first publicly known instance of a virus being utilized to sabotage industrial machinery.

In the past few days, two refineries in Iran burnt down. Less than a week after a devastating fire engulfed the Birjand oil refinery in east Iran, another refinery in Esfahan (Isfahan) faced a similar fate as it succumbed to flames on Saturday, December 16. In the December 10 incident, all 18 hydrocarbon tanks at the Birjand oil refinery in South Khorasan were consumed by flames.

Hadi Beiginezhad, a member of the Energy Committee in the parliament, criticized the authorities for not learning from the past similar attacks, saying that administrations do not pay attention to the infrastructure of the fuel distribution network.

"We don't know if this incident is technically a hack or if a hack has occurred at all. But what we do know is that the infrastructure of product distribution in the country is facing issues because the enemy has been able to take advantage of our negligence, both in terms of investment and infrastructure,” he said, noting that “the enemy has learned well which channels to strike... They have infiltrators and can easily carry out such sabotage operations."

Iran has witnessed a series of industrial accidents, including fires in oil facilities, petrochemical plants, and industrial centers in recent years. The incidents are often attributed to outdated technology, the use of substandard equipment, and the aging and deterioration of structures. While authorities have not provided comprehensive explanations for these incidents, they have attributed several high-profile sabotage attacks to Israel. However, Israel has not officially claimed responsibility for any of the incidents. Notably, numerous unexplained explosions and fires have occurred at various Iranian military, nuclear, and industrial facilities, including pipelines and refineries, since mid-2020. On January 28, a significant fire erupted at an Iranian military industrial factory, suspected to be the result of a drone strike in Esfahan.

Every now and then, the Islamic Republic announces that it has busted Israel-linked groups planning sabotage operations against its facilities. Israel has neither denied nor confirmed the allegations.

Some Iranians speculate on social media that the hacking of the gas stations can serve as an excuse for the government to increase gasoline prices that are the cheapest in the world after Venezuela. The Iranian government sells one liter of gas for 3 US cents, or 10 cents a gallon, as a long-existing subsidy for domestic consumers. However, the Oil Ministry announced that the disruption at fuel stations is in no way connected to a change in gasoline prices.