Suspected cyberattack temporarily disrupts gas stations across Iran
A software glitch believed to have been caused by a cyberattack has disrupted gas stations across Iran and defaced gas pump screens and gas price billboards.
The incident, which took place earlier this morning, impacted the IT network of NIOPDC, a state-owned gas distribution company that manages more than 3,500 gas stations across Iran.
According to reports in local media [1, 2, 3] and images and videos uploaded on social networks, the cyberattack caused NIOPDC gas stations to show the words "cyebrattack 64411" on their screens earlier in the morning.
The gas pumps could be used to refuel cars, but NIOPDC employees shut down operations after the company realized they couldn't track and charge customers for the fuel they put in their cars.
As gas stations around #Iran are out of service today, a photo is circulating showing one station with a message on a small monitor saying "cyber attack 64411." 64411 is the phone number for the Office of Iran's Supreme Leader. pic.twitter.com/rlrVLHjt76
— Iran International English (@IranIntl_En) October 26, 2021
Additionally, gas price billboards mounted by the NIOPDC across major cities also listed the same "cyberattack 64411" message, along with "Khamenei where is the gas?" and "Free gas at [local gas station's name]."
The 64411 number is the phone number for the office of Supreme Leader Ayatollah Ali Khamenei.
The same number was also shown on the billboards of Iranian train stations during a cyberattack that took place on July 9, when travelers were asked to call the Iranian leader and ask why their trains were late.
The July attack on Iranian train stations was later linked to a piece of data-wiping malware called Meteor.
Iranian petrol stations have been targeted by a nationwide cyber-attack, with digital screens displaying the message "64411" at pumps. Some billboards have been caught on video display the messaging: "Khamenei, where is our petrol?"pic.twitter.com/Ql8vofFbAF
— Shayan Sardarizadeh (@Shayan86) October 26, 2021
However, despite a slew of evidence posted on social media, a Ministry of Oil spokesperson played down reports of a "cyberattack" in an official statement released later in the afternoon and blamed the incident on a software glitch, according to Jahan News.
The same outlet later reported that refueling operations have resumed for affected gas stations.
Government officials also held an emergency meeting in regards to the incident, and some Iranian news outlets retracted reports of a cyberattack after receiving a scolding from the Iranian regime.
Catalin Cimpanu
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.