Pierluigi Paganini December 18, 2023

A group of Pro-Israel hacktivists, called Predatory Sparrow, is suspected of having carried out a cyber attack against petrol stations across Iran.

A Pro-Israel hacktivist group, called Predatory Sparrow (or Gonjeshke Darande in Persian), is suspected of having carried out a cyber attack against petrol stations across Iran.

Iranian state TV and Israeli local media reported that the attack took place on Monday and disrupted services at petrol stations in Iran. The cyber attack had a major impact in the capital, Tehran, where many petrol stations were forced to operate manually.

The Oil Minister Javad Owji told Iranian state TV that the attack has disrupted services at around 70% of Iran’s fuel stations. The Minister also added that the attack that the attack was launched by a foreign actor.

“At least 30% of gas stations are working, with the rest gradually resolving the disruption in services,” said Owji.

The oil ministry excluded any links to plans to increase the price of fuel.

“Iran’s civil defence agency, which is responsible for the country’s cybersecurity, said it was still considering all possible causes for the disruptions as it investigated.” reported Al Jazeera.

The Iranian state TV reported that the Predatory Sparrow group claimed responsibility for the attack.

“This cyberattack was carried out in a controlled manner to avoid potential damage to emergency services,” Predatory Sparrow said in its statement quoted by the Iranian media.

It isn’t the first time that Predatory Sparrow launched a cyber attack against Iran.

In late January, the group claimed responsibility for a wiper attack against the Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB).

The hacktivist group also claimed responsibility for the attacks against the national railway services in July 201, the transportation ministry, and the Iranian gas stations in October 2021.

Reza Navar, a spokesperson for Iran’s petrol stations association, told Fars news agency that the root cause of the outage was a software issue and experts are working to address it.

Navar excluded any fuel supply shortage, however, he called on drivers to not go to petrol stations.

The situation in cyberspace continues to be severe, hundreds of groups pro-Hamas and Pro-Israel are launching numerous cyber attacks.

In November 2023, Check Point researchers observed a Hamas-linked APT group is using the SysJoker backdoor against Israeli entities. In November, during a forensics investigation, Security Joes Incident Response team discovered a new Linux Wiper malware they tracked as BiBi-Linux Wiper.

The Pro-Hamas hacktivist group used the wiper to destroy the infrastructure of Israeli companies.

In this scenario, critical infrastructure in the Middle East are at risk of major attacks that can disrupt their services.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Iran)