Iran’s Largest Steel Producer Hit By Crippling Cyberattack

Iran’s Largest Steel Producer Hit By Crippling Cyberattack

The targeted company, Khouzestan Steel Company (KSC), has acknowledged the cyberattack but claimed the attack was successfully thwarted.

Iran’s largest steel production firm is the latest victim of a cyberattack on Monday, marking the largest cyberattack on the country’s industrial sector. According to a report from The Associated Press, the attack forced the company to halt its operations.

Attack Details

The targeted company was the Iranian government-owned Khouzestan Steel Company (KSC). After the attack, its website became unavailable, and operations were suspended immediately. At the time of writing, the website was still offline.

It is worth noting that there are unverified claims that the company’s infrastructure suffered physical damage due to the cyber attack. On the other hand, the company’s CEO, Amin Ebrahimi, stated that the company stopped the cyberattack and was able to avoid internal damage to the manufacturing department to prevent supply chain disruption.

Ebrahimi claims that due to “time and awareness,” this attack was successfully thwarted.

Iran’s Largest Steel Producer Hit By Crippling Cyberattack
Khouzestan Steel Company acknowledged the cyberattack in an Instagram post (In picture: Amin Ebrahimi, CEO of Khouzestan Steel Company)

Furthermore, the CEO claims that their website will be restored and back online soon. However, Jamaran, Iran’s local news channel, stated that the attack didn’t work because when it happened, the factory was non-operational due to a power outage.

Who is the Perpetrator?

According to the AP, the company didn’t point out or put the blame on any particular group for the attack on the country’s most high-profile steel manufacturer based in Ahvaz, Khuzestan province. However, after sanctions on Iran, it was forced to downsize its reliance on imported parts, which affected its business.

This attack is not the first one targeting Iran’s critical infrastructure. Last year, as reported by, the country’s fuel distribution system was targeted in a cyberattack that disrupted operations at gas stations across Iran, prompting massive public outrage.

In another incident, train stations were hit with fake delay messages, and in another one, surveillance cameras at different locations in Iran were targeted. In these previously documented attacks, the Iranian government accused Israel and the USA of targeting its infrastructure.

In August 2021, a group going by the online handle of “Edaalate Ali” (Ali’s Justice or Ali’s Court) claimed responsibility for targeting prison computer systems and security cameras in Iran. The group also leaked CCTV footage showing grim conditions and grave human rights violations taking place at a prison facility in northern Tehran.

Expert Comment

According to John Hultquist, VP, Mandiant Intelligence, Mandiant is looking into reports claiming that the cyber attack caused physical destruction to the company’s infrastructure.

“We are working to validate claims of a purported physically destructive cyber attack on an Iranian steel plant. Though an HMI screenshot was provided as bona fides of the attack, read-only access to HMIs is sometimes available through IT assets and does not necessarily indicate an intrusion into the OT space.

In some respects, it doesn’t really matter if this was a cyber attack or not. The evidence that was provided by the alleged attacker may be sufficient to convince many that a cyber attack occurred, serving the attacker‘s purposes.” 

John Hultquist, VP, Mandiant Intelligence

Related Posts