Ebrahim Raisi did not claim responsibility for the attack. Many Iranians used the electronic cards issued by the government to purchase subsidized fuel at pump pumps.
They suggested, however, that he and other members of the theocracy believed anti-Iranian militants carried out an attack likely to inflame the country in the wake of the second anniversary a brutal crackdown on protests nationwide over rising gasoline prices.
Raisi stated that there should be a serious readiness in cyberwar. The enemy should not follow their ominous aims of making people’s lives more difficult. Later, footage from state television showed the president visiting a central Tehran gas station.
Tuesday’s attack also mirrored an attack that occurred months before. It seemed to directly challenge Iran’s Supreme Leader Ayatollah Al Khamenei, as the country’s economy collapses under American sanctions.
The state-run IRNA news agency reported Wednesday morning that another official claimed that 80% of Iran’s gas stations had reopened selling fuel. Associated Press journalists witnessed long lines at several Tehran gas stations. One station saw 90 cars waiting to get fuel. The price of fuel was higher than the subsidized, so those who bought it ended up paying more.
Semi-official ISNA news agency first called it a cyberattack. It said that those who tried to purchase fuel using a government-issued card instead received a message saying “cyberattack 644111.”
Although ISNA did not acknowledge the significance of this number, it is associated with Khamenei’s hotline that answers questions about Islamic law. ISNA later deleted its reports, claiming it had also been hacked. These hacking claims can quickly be made when Iranian media outlets publish information that is offensive to the regime.
Farsi-language satellite TV channels published videos that were apparently taken by drivers in Isfahan (a major Iranian city) and showing electronic billboards reading: “Khamenei!” One said, “Where is our gas?” Another added: “Free gas at Jamaran gas station,” in reference to the residence of the late Supreme Leader Ayatollah Ruhollah Khomeini.
The number “64411”, which was used in the attack on Iran’s railway system in July, also had the number displayed. Check Point, an Israeli cybersecurity firm, later identified the attackers as Indra, a Hindu god of war.
Indra had previously targeted companies in Syria, where President Bashar al-Assad has remained in power through Iran’s intervention during the country’s ongoing war.
In comments made by IRNA, Abolhassan Frouzabadi (secretary of the Supreme Council of Cyberspace) linked the attack to Iran’s July rail system attack. It also affected all 4,300 Iranian gas stations across the country, he said.
Firouzabadi stated that there is a chance that the attack, similar to one on the railway system in the past, was carried out from abroad.
Amir Nazemy (ex-deputy telecommunications minister) had previously tweeted that the “infrastructure system of gas stations” was an exclusive network. This raises questions about whether or not someone within Iran has access to the system and launched the cyberattack.
In a Telegram message, a previously unknown group claimed responsibility for the cyberattack that occurred late Tuesday night. It didn’t provide any evidence of the attack.
Juan Andres Guerrero Saade, a researcher at cybersecurity company SentinelOne, stated that the attack seemed well planned. This suggests that a foreign intelligence agency, not an activist hacking organization, could be responsible.
Guerrero Saade stated, “It’s very brazen.”
Iran is home to the fourth-largest oil reserves in the world, despite decades of economic turmoil. Cheap gasoline is considered a birthright.
Iranian motorists can purchase regular gasoline at 15,000 Rial per liter through subsidies. This is 5 cents per liter or 20 cents per gallon. It costs 30,000 rials per liter after a 60-liter monthly quota. This is a total of 10 cents per liter and 41 cents per gallon. AAA reports that regular gasoline costs 89c per liter, or $3.38 per gallon in the U.S.
Iran was the target of protests in 100 cities and towns, which were triggered by rising gasoline prices. Amnesty International stated that 304 people were killed by a government crackdown and thousands were arrested by security forces. Tuesday’s cyberattack occurred in the same Persian calendar month as the 2019 gasoline protests.
It also happened on Shah Mohammad Reza Pahlavi’s birthday. He was a cancer patient and fled the country just before the Islamic Revolution in 1979.
Iran has been the victim of a number of cyberattacks. One of these attacks leaked video from Iran’s notorious Evin prison, in August.
After the Stuxnet computer virus, widely believed to have been a joint U.S./Israeli creation, disrupted thousands Iranian centrifuges at the country’s nuclear sites in late 2000s, the country disconnected large parts of its government infrastructure.
Iran, which has been long sanctioned in the West, is having difficulties getting current hardware and software. They often rely on older electronics made by China or systems that are no longer being repaired by manufacturers. This would make it easier to target potential hackers. It is common for Iran to have pirated versions of Windows or other software.