Cyber insecurity: Iran highlights ‘other cyber attacks’ after gas disruptions

Tehran is showcasing successful cyberattacks afflicting its enemies to distract from its cyber security woes on the home front.

Hacker in a hood (photo credit: INGIMAGE)

In the wake of reports that Iran suffered a cyberattack that led to the disruption of gas stations, Iranian media have been tasked with putting a positive face and spin on the problem. So what is the best defense? A good offense.  

Iran’s Tasnim News Agency claimed that six months ago there was a massive cyberattack on a US fuel network. It quotes American media as reporting on the Colonial Pipeline incident, in which a US fuel pipeline was shut down. According to reports at the time, on May 14 the company had paid a “cyber-criminal gang” to prevent a data leak.

“One of the fuel transmission lines of the American company Colonial was attacked by the ransomware of a hacker group living in Eastern Europe called Darkside,” Iran’s media say.

The Biden government declared a state of emergency a few days earlier, on Sunday, May 9, saying that it was concerned about the possible scale of the accident. The hackers seized 100 gigabytes of network information, Tasnim says. 10,000 gas stations were affected because they ran low on fuel.

This is Iran’s answer to its own cyber failure and the disruptions at home. It wants to make it seem as though “this happens everywhere.” Iranian media therefore also put out reports about a hospital in Israel that suffered a cyberattack and other cyber incidents in the Jewish state.

Iran Gas prices 298.88 (credit: AP)

The implication from these reports, at Fars News Agency, is that Israel is suffering cyberattacks. Iran claims to rely on “Zionist” media for its reports. It claims that a “hacker group had leaked intelligence files related to the regime’s army, which included information about hundreds of soldiers,” and that the cyber incident revealed details of soldiers in a “combat battalion of forces of the Zionist army.”

The report on Fars News’ website in Iran even links to the Ynet article in Hebrew from Wednesday morning. The article refers to the “Moses staff” hacker group and a cyberattack that “published alleged IDF information files containing names, telephone numbers” and other details. This report also noted a previous report in 2019 that “Israel says Iran hacked ex-general [Benny] Gantz’s phone.”

Iran’s media are thus playing up hacking and cyberattacks abroad, particularly targeting Israel and the US, to distract from its own apparent failures regarding cybersecurity.

Tehran has done this in the past. When the Islamic Republic was hit by mysterious explosions and fires that embarrassed the regime and seemed to harm sensitive infrastructure, its media were tasked with writing about wildfires and explosions in the US, as if to say “See, these things happen everywhere.” Iran may also be pretending that it is linked to these incidents abroad, even though it doesn’t play up the Iranian angle.

In short, Iran wants the plausible deniability of not being behind cyberattacks abroad. But there is evidence that incidents referred to by Iranian media are those done by hackers in Eastern Europe or Russia, not necessarily ascribed to Iran. And there is no evidence that Tehran is behind some of the incidents it has linked itself to in the US.