Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Pro-Israeli Hacktivists Attack Iranian Gas Stations

Iranian officials blame a software issue for the "disruption" to gasoline pumps.

2 Min Read
Fuel pumps at a gas station
Source: Konstantin Savusia via Alamy Stock Photo

Hacktivist group Predatory Sparrow says it was behind a cyberattack on gas stations across Iran that disrupted operations.

Between 60% and 70% of Iranian gas stations reportedly have been affected.

Meanwhile, Reza Navar, a spokesperson for Iran's petrol stations association, told state news that a software issue was the culprit, and that it's being resolved. He advised drivers not to visit petrol stations.

Iran's oil minister Javad Owji said outside interference was a possible cause, according to Reuters.

Predatory Sparrow posted a series of screenshots showing what it called a "small corner of proof of our activity on the network." The post said the images included the names of the fuel stations, payment systems information, photos of when the group was inside the network, and the fuel station management system.

The pro-Iranian hacktivist group said in messages on X, formerly Twitter, that the cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services.

"We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation," the group posted.

Predatory Sparrow previously carried out a cyberattack in 2021 on an Iranian payment system linked to a national network of fuel pumps.

Yossi Rachman, director of security research at Semperis, said in an emailed analysis of the attack that Predatory Sparrow hit at least one server by compromising technical support, or potentially other administrative privileged accounts within the system, to take control of the central management system.

He said this effort allowed the attackers to obtain sensitive gas station data, and payment details.

Why Was it Done?

Rachman suggested there could be various reasons for the attack, such as a warning to the Iranian government, showing what they are capable of doing in the future. "However, we should also consider that the attack was perpetrated by a nation state for their own offensive military operations or intelligence gathering purposes," he said.

"There is the possibility the group was knowingly or unknowingly sponsored by a nation state, and the stolen personal and payment data exfiltrated from the Iranian gas stations systems could serve as their payment."

About the Author

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights