Iran claims it stopped large cyberattack on country’s infrastructure

Iran repelled a “widespread and complex” cyberattack targeting the country’s infrastructure on Sunday, according to a senior official who spoke to the Islamic Revolutionary Guard Corps-linked Tasnim News Agency.

The incident, which was not described in detail, was revealed by Behzad Akbari, the head of the government’s Telecommunication Infrastructure Company (TIC).

“One of the most widespread and complex cyber attacks against the country's infrastructure was identified and preventive measures were taken,” Akbari said. The TIC did not immediately respond to a request for more information.

The cyber incident occurred a day after a large explosion at Shahid Rajaei, the country’s largest commercial port, which has killed at least 28 people and injured 800 more, according to the authorities. The cause has not been confirmed. There is no indication it was linked to any cyber operations.

Maritime risk consultancy Ambrey Intelligence has said the explosion was caused by the “improper handling of a shipment of solid fuel intended for use in Iranian ballistic missiles” which had been imported from China, although Iran’s defense ministry has denied such reports.

It comes amid ongoing negotiations between Iran and the United States over the Islamic Republic’s controversial nuclear program, amid fears that the country would seek to enrich uranium to the levels that might allow it to create a nuclear weapon.

Iran has faced several notable cyberattacks in recent years, including ones affecting the country’s fuel system in 2021, and a steel mill in June 2022 — both claimed by a group calling itself Predatory Sparrow that said its attacks were “carried out carefully to protect innocent individuals.”

While the Predatory Sparrow group describes itself as composed of dissidents, the attack on the steel mill appeared to be conducted with sophisticated operational planning in order to avoid any loss of life, prompting speculation that it was sponsored by a foreign state agency with a risk management process.

Iranian officials blamed the United States and Israel for the 2021 cyberattack on Iran’s fuel systems, without providing any evidence. At the time the head of the country’s civil defense, Gholamreza Jalali, told state television: “We are still unable to say forensically, but analytically I believe it was carried out by the Zionist Regime, the Americans and their agents.”

Jalili said that he believed the U.S. and Israel were behind a cyberattack targeting the electronic infrastructure of the Shahid Rajaei port authority back in 2020, although again without providing evidence. The U.S. and Israel are believed to have collaborated on the Stuxnet worm, which was discovered in 2010, designed to sabotage Iran's nuclear program.