Israel-linked hacking group claims attack on Iranian gas pumps
A sophisticated hacking group linked to Israel claimed responsibility on Sunday for carrying out a cyberattack that disrupted a significant portion of Iran’s gas stations.
The group known as Predatory Sparrow wrote in a statement to X, the social media platform formerly known as Twitter, that the attack had knocked out “a majority of the gas pumps throughout Iran” and that it came “in response to the aggression of the Islamic Republic and its proxies in the region.”
“Khamenei, playing with fire has a price,” the post added, referring to Iran’s supreme leader.
Iran’s oil minister, Javad Owji, told Iranian state TV that as many as 70% of the country’s gas stations had been disrupted in the incident, which is the second time in the past two years that Predatory Sparrow has disrupted gasoline supplies in Iran. An Israeli government spokesperson declined to comment on the incident during a Monday briefing.
Following Hamas’s Oct. 7 attack on Israel, a flurry of hacktivist groups on both sides of the conflict have attempted to take down and deface websites, but operations linked to the conflict have been mostly opportunistic and exaggerated in impact. Sunday’s incident in Iran appears to be the first cyberattack since the current round of fighting began to have major physical consequences.
The attack comes against the backdrop of growing tensions in the Middle East as fighting continues between Israel and Hamas. Iranian-backed Houthi fighters have in recent weeks carried out a string of attacks targeting commercial shipping vessels in the Red Sea, prompting some major oil producers to halt oil shipments via the Suez Canal.
In an online message to CyberScoop on Tuesday, a representative of the group said that “we attacked Iran because of their aggression in the region by using proxies like the Houthis, Hezbollah and more.”
U.S. destroyers deployed to the Red Sea have shot down a string of Houthi drones in recent weeks following drone attacks on commercial shipping vessels. Some vessels transiting the region have taken to broadcasting that they are traveling with armed guards aboard in an attempt to deter attacks, and U.S. officials are expected to announce the formation this week of a naval task force to protect ships in the region.
Houthi fighters have pledged to carry out attacks on what they have described as commercial vessels linked to Israel as part of a retaliatory campaign carried out in solidarity with Hamas.
Predatory Sparrow has not declared its affiliation with Israel, but the group is widely believed to be a persona created by Israeli security services as part of its long-running conflict with Iran. The group was linked to an attack in October 2021 that also disrupted the supply of automotive fuel. Last year, the group struck steel manufacturing plants in Iran.
Anonymous U.S. defense officials have been quoted saying that they believe the 2021 attack by Predatory Sparrow was the work of Israel.
“This group has been one half of a cyber conflict that was going on within Iran and Israel before the most recent violence erupted,” said John Hultquist, the chief analyst at Mandiant Intelligence.
Predatory Sparrow is notable for the way it calibrates its attacks. In a statement to X, Predatory Sparrow said “this cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services.” The group said it had “delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation.”
Efforts to limit the impact of attacks in this manner — requiring a measure of technical sophistication and in all likelihood a legal team vetting operations — is a major reason why experts believe the group to be the work of Israeli security services.
AJ Vicens contributed reporting to this article.
Updated Dec. 19, 2023: This article has been updated with comment from a representative of Predatory Sparrow.
