Iran’s Mahan Air claims it has failed a cyber attack, hackers say the opposite

Iranian airline Mahan Air was hit by a cyberattack on Sunday morning, the “Hooshyarane Vatan” hacker group claimed responsibility for the attack.

Iranian private airline Mahan Air has foiled a cyber attack over the weekend, Iranian state media reported. The airliner’s flight schedule was not affected by the cyberattack.

“Our international and domestic flights are operating on schedule without any disruptions,” Amirhossein Zolanvari, head of the airliner’s public relation office told state TV.

According to Iran’s Fars News Agency, Mahan Air was hit by similar attacks “many times,” for this reason Mahan’s Cyber Security Team rapidly neutralized these attacks.

“This is considered a normal occurrence and Mahan’s Cyber Security Team has always acted intelligently and in a timely manner to neutralize these attacks,” said the company, adding that all flights were on schedule and that the company would update if any flights were disrupted.

Hooshyarane Vatan hacker group claimed responsibility for the attack and added that it was able to access internal documents, emails and reports that linked the airline to the IRGC. The group explained that the company was able to detect the security breach, but did not stop it.

The US had sanctioned Mahan Air in 2011 for providing financial, material, or technological support to Iran’s Islamic Revolutionary Guard Corps.

The tension is high between Teheran and the Western countries, the latter are blaming Iran for a series of attacks against organizations worldwide.

A joint advisory released by government agencies (the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC)) in the U.S., U.K., and Australia warns that Iran-linked threat actors are exploiting Fortinet and Microsoft Exchange vulnerabilities in attacks aimed at critical infrastructure in the US and Australian organizations.

Microsoft Threat Intelligence Center (MSTIC) recently shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021. Over the past 12 months, MSTIC experts observed increasingly sophisticated attacks orchestrated by Iranian APT groups.

Iran has been targeted by a series of cyber attacks in the past months, in October a cyber attack has disrupted gas stations from the state-owned National Iranian Oil Products Distribution Company (NIOPDC) across Iran. The attack also defaced the screens at the gas pumps and gas price billboards.

Digital screens at the affected stations were displaying the message “cyberattack 64411,” which was also shown on the billboards of Iranian train stations during another attack that took place in July and that hit Iran’s railroad system.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Iran’s Mahan Air)

[adrotate banner=”5″]

[adrotate banner=”13″]