Hackers Set Fire To An Iranian Steelworks

It's extremely rare for hackers, who operate in the digital world, to cause damage in the physical world, but a cyber attack on a steel maker in Iran is being seen as a significant event.

The attack caused "massive damage" to a steel factory and forced an emergency shutdown.

A hacking group calling itself 'Predatory Sparrow' has claimed responsibility for the attack, which it said caused a serious fire, and has subsequently released a video to back up its story.

The video appears to be CCTV footage of the incident, showing factory workers leaving part of the plant before a machine starts spewing molten steel and fire. The video ends with people pouring water on the fire with hoses. In another video that surfaced online, factory staff can be heard shouting for firefighters to be called and describing damage to the equipment. 

Now, security experts are asking who is behind 'Predatory Sparrow', which some say is a state-sponsored military hacking group. Its name, a play on the name of the Iranian cyber warfare group Charming Kitten, could be a clue suggesting that a country with a strong interest in Iran is behind it. Also known by its Persian name, 'Gonjeshke Darande', the group says this was one of three attacks it carried out against Iranian steel makers in June, in response to unspecified acts of "aggression" carried out by the Islamic Republic.

The group has also started sharing gigabytes of data it claims to have stolen from the companies, including confidential emails. On its Telegram page Predatory Sparrow posted: "These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber attacks, being carried out carefully to protect innocent individuals." That last sentence has attracted considerable attention as, from their public claim, the hackers knew that they were putting lives in danger and were careful to make sure the factory was empty before launching their attack. 

This has led many to wonder whether Predatory Sparrow is a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.

"They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state," says Itay Cohen, head of cyber research at Check Point Software.

Iran has been the victim of a spate of recent cyber-attacks that have had an impact in the real world, but nothing as serious as this since the 2010 Stuxnet attack on Iran's uranium enrichment facilities. Stuxnet was a computer virus that damaged or destroyed centrifuges at Iran's uranium enrichment facility in Natanz, hampering its nuclear programme. The attack has been widely attributed to Israeli and US military hackers working in combination, although this has never been officially confirmed.

Since Stuxnet, there have been very few confirmed cases of physical damage, and nation-state cyber attacks of this kind are more commonly designed to cause disruption, without causing real physical damage. That may now be about to change.

If Predatory Sparrow is a state-sponsored military hacking group, which country does it represent? According to Israeli media reports, Defence Minister Benny Gantz has ordered an investigation into leaks that led to Israeli journalists heavily hinting that Israel is behind the hack. The minister is possibly concerned that Israel's "ambiguity policy" on its operations against Iran might have been broken.

In October last year Predatory Sparrow claimed responsibility for taking Iran's national fuel station payment system offline. The group also said it had been behind a hack that hijacked digital billboards on roads, making them display a message saying, "Khamenei, where is our fuel?" - a reference to the country's supreme leader, Ayatollah Ali Khamenei. In both cases, the hackers showed a degree of responsibility by warning Iran's emergency services in advance about the potential chaos that could result.

Check Point researchers say they have also found code in the malicious software used by Predatory Sparrow that matches code used by another group, called Indra, that is thought to have hacked Iranian train station displays in 2021. The steel factory attack, however, is a sign that the stakes are getting higher.

