Pro-Israeli Hacktivists Attack Iranian Gas Stations

Hacktivist group Predatory Sparrow says it was behind a cyberattack on gas stations across Iran that disrupted operations.

Between 60% and 70% of Iranian gas stations reportedly have been affected.

Meanwhile, Reza Navar, a spokesperson for Iran's petrol stations association, told state news that a software issue was the culprit, and that it's being resolved. He advised drivers not to visit petrol stations.

Iran's oil minister Javad Owji said outside interference was a possible cause, according to Reuters.

Predatory Sparrow posted a series of screenshots showing what it called a "small corner of proof of our activity on the network." The post said the images included the names of the fuel stations, payment systems information, photos of when the group was inside the network, and the fuel station management system.

The pro-Iranian hacktivist group said in messages on X, formerly Twitter, that the cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services.

"We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation," the group posted.

Predatory Sparrow previously carried out a cyberattack in 2021 on an Iranian payment system linked to a national network of fuel pumps.

Yossi Rachman, director of security research at Semperis, said in an emailed analysis of the attack that Predatory Sparrow hit at least one server by compromising technical support, or potentially other administrative privileged accounts within the system, to take control of the central management system.

He said this effort allowed the attackers to obtain sensitive gas station data, and payment details.

Why Was it Done?

Rachman suggested there could be various reasons for the attack, such as a warning to the Iranian government, showing what they are capable of doing in the future. "However, we should also consider that the attack was perpetrated by a nation state for their own offensive military operations or intelligence gathering purposes," he said.

"There is the possibility the group was knowingly or unknowingly sponsored by a nation state, and the stolen personal and payment data exfiltrated from the Iranian gas stations systems could serve as their payment."