A gas station in Maragheh, Iran. Credit: ایوب فارابی اصل via WikiMedia Commons

Iran confirms nationwide cyberattack on gas stations

A cyberattack has disrupted the operation of gas stations throughout Iran, authorities confirmed on Monday.

According to Iran's oil minister, Javad Owji, “outside interference” took out about 70% of gas stations nationwide. He told local media that about 1,650 stations remain operational, while others are forced to operate their pumps manually. According to various media reports, Iran has around 33,000 gas stations.

Iranian authorities blamed the attack on Israel and the U.S. Tensions between Tel Aviv and Tehran are already high due to the ongoing war between Israel and the Palestinian militant group Hamas, which is reportedly supported by Iran.

The attack on Iran also coincided with the arrival of U.S. Defense Secretary Lloyd Austin in Israel, following a drone attack by an Iran-backed group that posed a threat to commercial and U.S. Navy ships in the Red Sea.

An Israel-linked hacking group called Predatory Sparrow claimed responsibility for the cyberattack on Iran's gas stations on Monday, saying it was retaliation for the aggression of Iran and its allies in the region.

“A month ago we warned you that we’re back and that we will impose cost for your provocations. This is just a taste of what we have in store,” the hackers said.

The group claimed that it breached the central servers of gas stations, gaining access to specific station information, payment system details, and management systems.

Iranian authorities did not comment on these claims, and they have also not publicly confirmed whether any information was accessed during the attack.

Israeli media reported that the Predatory Sparrow hackers are believed to be linked to Israeli military intelligence. The hackers previously claimed responsibility for cyberattacks on the Iranian state-owned steel company and fuel distribution system, both of which were successful.

The group said in a statement on Telegram that, similar to its previous operations, the latest attack on Iran "was conducted in a controlled manner" to limit potential damage to emergency services.

“We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed… despite our access and capability to completely disrupt their operation,” the hackers said.

The Israel Cyber Directorate didn’t comment on Predatory Sparrow’s recent operation, but on the same day as the attack it issued a statement blaming Iran for an attempted cyberattack on a hospital in Israel in late November.

The agency claimed that the attack on Ziv Medical Center was carried out by the hacker group known as Agrius, affiliated with Iranian intelligence. The attack was “aimed at disrupting the hospital's operations but ultimately failed,” the statement said.

During this operation, the hacker group linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers. Israeli cyber authorities confirmed that the attackers managed to extract some private data stored in the hospital's systems but didn’t mention what kind of data it was.

In recent months, there have been more public reports on Iran's cyberattacks against Israel than there have been about Israeli attacks targeting Iran.

In October, an Iranian state-backed hacker group was caught spying on the government, military, and telecom sectors in the Middle East, including Israel. In November, researchers reported that Iranian Imperial Kitten hackers targeted organizations in Israel’s transportation, logistics, and technology sectors, while two other groups were observed deploying new destructive malware against organizations in Israel.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.