Cyber-attack disrupts Iran's national railway system
Train services were canceled or delayed in Iran after a cyberattack crippled the national railway company's computer systems on Friday morning.
The exact nature of the disruption is unclear, but the outage affected both passenger and cargo transportation services.
According to multiple local media outlets [1, 2, 3], the system used for managing train schedules along with ticketing services went down on Friday morning, local time.
Some scheduled trains were canceled, while others were delayed.
Boards inside some train stations listed the phone number for the office of Supreme Leader Ayatollah Ali Khamenei and asked travelers to call for additional details.
Spokespersons for the Islamic Republic of Iran Railways (IRIR) and the Ministry of Roads and Urban Development initially denied rumors of a cyberattack in statements offered to local media in the afternoon [1, 2, 3], despite the obvious defacements of some train announcements boards.
Officials described the incident as a technical issue and said passenger and freight trains were running normally by 7 PM local time, although with some delays, with staff managing schedules by hand.
However, Iranian officials confirmed the attack on Saturday, after screenshots leaked online of defaced computers belonging to the Ministry of Roads and Urban Development.
In May 2020, hackers, later linked to the Israeli government, disrupted the activities of the port of Bandar Abbas, the country's largest port in the Strait of Hormuz. The attack came after Israel accused Iran-sponsored hackers of trying to meddle with its water treatment systems.
Article updated on Sunday, July 11 with official confirmation of the attacks from Iranian officials.
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.