A hacking group that has previously been linked to Israel claimed on Monday to have paralyzed gas stations across Iran in a cyberattack.
The group known as “Gonjeshke Darande,” or “predatory sparrow,” said that it had disabled “a majority of the gas pumps throughout Iran.”
“This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region,” the group said in statements in Persian and English.
“Khamenei, playing with fire has a price,” the group warned. “This is just a taste of what we have in store.”
The group claimed to have gained access to the payment systems of the impacted gas stations, as well as each station’s central server and management system.
Since the start of Israel’s war with Hamas in Gaza, which began with a shock onslaught on October 7 in which Hamas terrorists massacred some 1,200 people in southern Israel and took around 240 hostages, Iranian-backed groups such as Hezbollah in Lebanon and the Houthis in Yemen have stepped up attacks against Israel.
Iranian state media reported that close to 70% of the country’s gas stations were out of service, citing a “software problem” as the cause and urging people not to rush to the stations that were still operational.
Iranian state TV quoted a statement from the country’s Oil Ministry that said that more than 30% of gas stations remain in service. The country has some 33,000 gas stations.
In a second statement published on Telegram, Gonjeshke Darande said, “As in our previous operations, this cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services.”
“We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation.”
The group is believed to be linked to the Israeli Military Intelligence Directorate.
It claimed responsibility for a cyberattack last year that forced the Iranian state-owned Khuzestan Steel Co. to halt production. A year prior, the group targeted Iran’s fuel distribution system, paralyzing gas stations across the country.
Israel generally maintains a policy of ambiguity regarding its operations against Iran, but Israeli military correspondents, who are regularly briefed off-the-record by senior Israeli officials, strongly hinted that the Military Intelligence’s Unit 8200 was responsible for the 2022 cyberattack on the Iranian steel plant.
The reports prompted then-defense minister Benny Gantz to order an investigation into media leaks that harmed Israel’s “ambiguity policy.”
In recent years, Iran has seen a series of cyberattacks on its filling stations, railway system and industries. Surveillance cameras in government buildings, including prisons, have also been hacked in the past.
The country disconnected much of its government infrastructure from the internet after the Stuxnet computer virus — widely believed to be a joint US-Israeli creation — disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.
Iran, long sanctioned by the West, faces difficulties in getting up-to-date hardware and software, often relying on Chinese-manufactured electronics or older systems no longer being patched by manufacturers, making them easier for a potential hacker to target. Pirated versions of Windows and other software are common across Iran.
A short while after reports emerged Monday of the Israel-linked cyberattack in Iran, Israel’s National Cyber directorate said that Iran and Hezbollah were behind a largely unsuccessful attempt last month to hack the Ziv Medical Center in Safed.
“In a joint effort by the cyber directorate, the IDF, the Shin Bet, and the Health Ministry and hospital teams, the attack was stopped before it could achieve its goal of disrupting the hospital’s operations and harming the medical care of civilians,” the directorate said in a statement.
“However, it was found that the group stole some sensitive information stored in the hospital’s systems,” it added.