The targeted company, Khouzestan Steel Company (KSC), has acknowledged the cyberattack but claimed the attack was successfully thwarted.
Iran’s largest steel production firm is the latest victim of a cyberattack on Monday, marking the largest cyberattack on the country’s industrial sector. According to a report from The Associated Press, the attack forced the company to halt its operations.
Attack Details
The targeted company was the Iranian government-owned Khouzestan Steel Company (KSC). After the attack, its website became unavailable, and operations were suspended immediately. At the time of writing, the website was still offline.
It is worth noting that there are unverified claims that the company’s infrastructure suffered physical damage due to the cyber attack. On the other hand, the company’s CEO, Amin Ebrahimi, stated that the company stopped the cyberattack and was able to avoid internal damage to the manufacturing department to prevent supply chain disruption.
Ebrahimi claims that due to “time and awareness,” this attack was successfully thwarted.
Furthermore, the CEO claims that their website will be restored and back online soon. However, Jamaran, Iran’s local news channel, stated that the attack didn’t work because when it happened, the factory was non-operational due to a power outage.
Who is the Perpetrator?
According to the AP, the company didn’t point out or put the blame on any particular group for the attack on the country’s most high-profile steel manufacturer based in Ahvaz, Khuzestan province. However, after sanctions on Iran, it was forced to downsize its reliance on imported parts, which affected its business.
This attack is not the first one targeting Iran’s critical infrastructure. Last year, as reported by Hackread.com, the country’s fuel distribution system was targeted in a cyberattack that disrupted operations at gas stations across Iran, prompting massive public outrage.
In another incident, train stations were hit with fake delay messages, and in another one, surveillance cameras at different locations in Iran were targeted. In these previously documented attacks, the Iranian government accused Israel and the USA of targeting its infrastructure.
In August 2021, a group going by the online handle of “Edaalate Ali” (Ali’s Justice or Ali’s Court) claimed responsibility for targeting prison computer systems and security cameras in Iran. The group also leaked CCTV footage showing grim conditions and grave human rights violations taking place at a prison facility in northern Tehran.
Expert Comment
According to John Hultquist, VP, Mandiant Intelligence, Mandiant is looking into reports claiming that the cyber attack caused physical destruction to the company’s infrastructure.
“We are working to validate claims of a purported physically destructive cyber attack on an Iranian steel plant. Though an HMI screenshot was provided as bona fides of the attack, read-only access to HMIs is sometimes available through IT assets and does not necessarily indicate an intrusion into the OT space.
In some respects, it doesn’t really matter if this was a cyber attack or not. The evidence that was provided by the alleged attacker may be sufficient to convince many that a cyber attack occurred, serving the attacker‘s purposes.”
John Hultquist, VP, Mandiant Intelligence
More Cyber Attacks and Related News
- Iran’s Top Tier Airline Mahan Air Hit by Cyberattack
- US seizes official website of Iranian state-owned Press TV
- 52k Iranian ID cards with selfies sold on dark web & hacking forum
- 40GB of leaked videos expose how Iranian hackers hijack email accounts
- Personal details & phone numbers of 42M Iranians sold on a hacking forum