The Jerusalem Post:
With the details still hazy, speculation is rife about whether the purported attack came from the US, Israel or from local Iranian anti-regime groups.
According to reports, messages were posted in some systems that were hacked, addressing Iran’s Supreme Leader Ayatollah Ali Khamenei directly and demanding to know, “Where is the gas?” The attack comes some two years after nationwide protests over gas shortages in fall 2019.
“The disruption at the refueling system of gas stations... in the past few hours, was caused by a cyberattack,” state broadcaster IRIB said. “Technical experts are fixing the problem and soon the refueling process... will return to normal.”
The Oil Ministry said only sales with smart cards used for cheaper, rationed gasoline were disrupted and that clients could still buy fuel at higher rates, the ministry’s news agency, SHANA, reported.
Last week, Iran carried out a complex and coordinated strike on US forces in Syria using up to five armed drones to attack the Tanf garrison at a key strategic point near the Jordan-Iraq border.
The attack was the latest in a series of drone strikes on US forces.
In a press briefing on Monday, US Envoy on Iran, Rob Malley, mentioned possible upcoming US action to deter Iranian aggression in the region although he declined to elaborate what those actions might be.
The US is considered to be the world’s most potent cyber power by far but it has often been hesitant to use its offensive cyber capabilities against groups other than ISIS, for fear of cyber retaliation.
Under the Trump administration, the US did hack certain major Iranian intelligence sea-based operations to get the Islamic Republic to back away from attacking American allies at sea.
But the Biden administration has not done so to date, as it has focused on building goodwill for a mutual return to the 2015 nuclear deal, the JCPOA.
Israel reportedly hacked Iran’s Shahid Rajaee Port on May 9, 2020, as a counter strike for an attempted Iranian cyber strike on Israel’s water supply system the previous month.
Iran has also accused the Mossad, the US and European intelligence agencies of using the STUXNET virus to hack its Natanz nuclear facility in 2009-2010.
Former Shin Bet (Israel Security Agency) cyber official Harel Menashri told KAN radio that there was a good chance that to accomplish such a broad and successful attack on Tuesday, the hacker would have to be a nation-state actor.
However, recent months have also shown that amateur hackers can cause major disruption to the US and European powers with sophisticated ransomware and other means, and the Khamenei regime has many local enemies among Iran’s many minorities.
In August, Check Point Software Technologies issued a report stating that an Iranian dissident group called Indra, not Israel, executed the mega-hack on the Islamic Republic’s train system on July 9.
Check Point said Indra’s hack was “an example for governments around the world of how a single group can create disruption on critical infrastructure.”
If non-state groups are traditionally thought of as lacking the capability to do more than hack websites and data, this was an example of such a non-state group causing profound real-world damage.
Indra’s tools destroyed data without direct means to recover it by using a “wiper,” or malware designed to wipe the entire data system of critical infrastructure, making the recovery process complicated, locking users out of machines, changing passwords, and replacing wallpapers to custom messages crafted by the attackers.
The hack included the posting of fake messages about train delays and cancellations on display boards across Iran.
Reuters contributed to this report.