Iran’s fuel distribution system hit by similar cyberattacks twice, VP admits

A general view of a gas station during a gas station disruption in Tehran, Iran, December 18, 2023.
A general view of a gas station during a gas station disruption in Tehran, Iran, December 18, 2023.

Mohammad Reza Aref, Iran’s First Vice President, revealed that the country's fuel distribution system was hit by two identical cyberattacks within a year, both targeting critical infrastructure without any preventive measures taken.

Speaking at a ceremony on Sunday to introduce new Oil Minister Mohsen Paknejad, Aref referenced the cyberattacks carried out by the hacking group Predatory Sparrow in 2023, which crippled Iran’s fuel supply system.

Aref’s comments highlighted the government's ongoing failure to secure key infrastructure. "It is said once bitten twice shy, but two identical attacks happened within a year," Aref said, directly criticizing the lack of security improvements. He urged Paknejad to prioritize cybersecurity across the oil industry, a sector that continues to face threats under the system's mismanagement.

The remarks come as gas stations in multiple Iranian cities are facing major shortages. Citizens report being stranded as fuel is only available with government-issued ration cards, with no access to gas at market prices, which are double the subsidized rate.

A gas station in Iran
A gas station in Iran

The December 18, 2023, attack affected around 70% of Iran’s gas stations. With the fuel distribution system offline, subsidized gasoline purchases were blocked, and fuel was only available at market rates in certain areas.

Following the attack, Gholamreza Jalali, head of the Passive Defense Organization, admitted that a "vulnerability in the payment and receiving network" allowed hackers to breach the system. The Passive Defense Organization later confirmed that malware had caused widespread disruption, warning the Oil Ministry in 2020 about insecure connections in the fuel system—warnings that were ignored.

However, Aref did not specify the exact timing of the second attack within the year, as the only one publicly reported occurred on December 18.

This was not the first time Iran’s fuel network was targeted. In November 2021, just before the second anniversary of the Islamic Republic’s crackdown on the November 2019 protests, hackers once again paralyzed the country’s fuel stations, leaving many without access to fuel for weeks. At the time, 4,300 stations were disrupted, and hackers managed to hijack billboards in Isfahan with slogans like “Khamenei! Where’s our gasoline?” mocking the government's inability to provide basic services.

Congestion at an Iranian gas station (file photo)
Congestion at an Iranian gas station (file photo)

Despite claims from officials that the Islamic Republic’s national internet, or "intranet," would bolster cybersecurity, the country’s critical systems remain vulnerable. Hadi Beigi-Nejad, a member of the parliament, stated in December that "the enemy" had infiltrated Iran’s infrastructure, signaling internal vulnerabilities.

The Passive Defense Organization reported in December that it had identified and thwarted 10 major attacks on national infrastructure in 2022. However, the organization warned that Iran’s fuel system remains at risk, confirming the ongoing inadequacies in the ach to cybersecurity.