Suspected cyberattack temporarily disrupts gas stations across Iran
Image: Sippakorn Yamkasikorn
Catalin Cimpanu October 26, 2021

Suspected cyberattack temporarily disrupts gas stations across Iran

Catalin Cimpanu

October 26, 2021

Suspected cyberattack temporarily disrupts gas stations across Iran

A software glitch believed to have been caused by a cyberattack has disrupted gas stations across Iran and defaced gas pump screens and gas price billboards.

The incident, which took place earlier this morning, impacted the IT network of NIOPDC, a state-owned gas distribution company that manages more than 3,500 gas stations across Iran.

According to reports in local media [123] and images and videos uploaded on social networks, the cyberattack caused NIOPDC gas stations to show the words “cyebrattack 64411” on their screens earlier in the morning.

The gas pumps could be used to refuel cars, but NIOPDC employees shut down operations after the company realized they couldn’t track and charge customers for the fuel they put in their cars.

Additionally, gas price billboards mounted by the NIOPDC across major cities also listed the same “cyberattack 64411” message, along with “Khamenei where is the gas?” and “Free gas at [local gas station’s name].”

The 64411 number is the phone number for the office of Supreme Leader Ayatollah Ali Khamenei.

The same number was also shown on the billboards of Iranian train stations during a cyberattack that took place on July 9, when travelers were asked to call the Iranian leader and ask why their trains were late.

The July attack on Iranian train stations was later linked to a piece of data-wiping malware called Meteor.

However, despite a slew of evidence posted on social media, a Ministry of Oil spokesperson played down reports of a “cyberattack” in an official statement released later in the afternoon and blamed the incident on a software glitch, according to Jahan News.

The same outlet later reported that refueling operations have resumed for affected gas stations.

Government officials also held an emergency meeting in regards to the incident, and some Iranian news outlets retracted reports of a cyberattack after receiving a scolding from the Iranian regime.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.