·Iran’s state-owned steel oligarch Khuzestan said factories had to be shut down due to “technical problems” following a “cyber attack” until further notice.
·The hacker gang “Gonieshke Darande” claimed responsibility and released a suspected factory surveillance video showing a heavy machinery on the production line malfunctioning and causing a fire. The gang also claimed responsibility for the large-scale closure of Iranian gas stations last year;
·Targeting industrial control systems, such as steel mills, undoubtedly represents an escalation of the cyber offensive, security experts say.
·Khuzestan is trying best to do data disaster recovery.
A major Iranian steel company said on Monday it was forced to suspend production due to a cyber attack. The attack, which also affected two other factories, became one of the largest recent attacks against Iran’s strategic industrial sector.
The Iranian government has yet to respond to the sabotage or the attack on Khuzestan’s state-owned steel company and two other steel producers. Tensions in the region are set to escalate further in the latest example of sabotage of Iranian domestic facilities in recent months.
Hackers Exposed Factory Failure Monitoring Images, But The Company’s CEO Denies The Shutdown
An anonymous hacker group claimed responsibility for the attack on social media, saying the attack on Iran’s three major steel companies was in response to “Iran’s aggression.”
The gang, calling themselves “Gonieshke Darande”, released CCTV footage purportedly taken from the Khuzestan steel mill workshop. Footage showed a heavy machinery on the billet production line malfunctioning and causing the fire.
The gang said the companies were linked to the Islamic Revolutionary Guard Corps (IRGC), an Iranian paramilitary group.
A steel mill in the central Iranian town of Mobarakeh said their systems were also under attack. Another factory in Bandar Bandar Abbas, Iran’s southern port, was also the victim of a cyber attack, state media IRAN reported. But neither factory has acknowledged losses or shutdowns as a result of the attack.
Khuzestan Steel said it had to stop work due to “technical problems” following the “cyber attack” and that it would be notified when it would resume. The company’s website was also down on Monday.
However, the company’s CEO, Amin Ebrahimi, claimed that the Khuzestan steel plant had successfully prevented the cyber attack, and that production, supply chain and customers were not affected. He did not mention a word about the pictures of the facility failure and fire released by the hacker gang.
“Fortunately, we took the time and our awareness and this attack did not succeed,” Ebrahimi was quoted as saying by the semi-official Meir news agency. He also added that the company’s website is expected to be online within Monday and everything will be restored.” normal”.
Local news channel Jamaran reported that the attack failed because the factory happened to have a power outage at the time and was not operating normally.
Escalating Cyber Offensive Against Iran?
In recent years, Iran has suffered an increasing number of cyber attacks. As a country that has been sanctioned by the Western world for a long time, Iran’s network update speed has not been ideal, so it is difficult to resist ransomware and intrusion attacks launched by criminals and state-sponsored hackers.
In a major incident last year, a cyber attack on Iran’s fuel-distribution system shut down gas stations across the country and sent angry drivers lining up. At that time, it was the same Gonjeshke Darande hacker team who stood up to declare responsibility for the attack.
Iranian train stations have been attacked by fake delay information. The country’s surveillance cameras have been hacked, state-run websites have been breached and videos of the infamous Avon prison abuse have been leaked online.
Juan Andrés Guerrero-Saade, chief threat researcher at security firm SentinelOne, said it was unclear who was behind the recent cyberattack against Iran. But he said if the gangs started targeting industrial control systems such as steel mills, it would undoubtedly represent an escalation in the attack’s firepower.
In his view, “the tone of the attack has begun to change.”
Lior Tabansky, a cybersecurity expert at Tel Aviv University in Israel, said that in the dark battlefield of cybersecurity, it is often difficult for people to discern whether the so-called responsible statement is credible.
He believes that if the incident is indeed a cyber attack, the initiator may be Israel or the United States. “If I were a high-ranking Iranian official, when my steel sector or other important strategic sector was hit by a cyber attack, the most likely possibility was the Zionists or U.S. imperialists.”
Iran has previously accused the United States and Israel of compromising its domestic infrastructure through cyberattacks.
After the Stuxnet computer virus, widely believed to have been jointly developed by the United States and Israel, destroyed a large number of centrifuge equipment at Iran’s nuclear facilities in the late 2000s, Iran finally decided to disconnect much of its government infrastructure from the Internet open the connection.
Khuzestan Steel has a significant presence in Iran
Khuzestan Steel, headquartered in Ahvaz, the oil-rich southwestern province of Khuzestan, has a monopoly on steel production in Iran with two other large state-owned enterprises.
Khuzestan Steel was established before the Islamic Revolution in Iran in 1979. In the decades since, the company has used production lines supplied by German, Italian and Japanese companies. The steel mill has been running on production except during the disastrous Iran-Iraq war in the 1980s, when Iraqi dictator Saddam Hussein sent troops across the border.
However, tough sanctions targeting Iran’s nuclear program have also forced the company to consider reducing its reliance on foreign components.
The Iranian government sees steel companies as a key sector. According to the World Steel Association, Iran is the leading steel producer in the Middle East and one of the top ten steel producers in the world. Its iron ore resources not only provide raw materials for domestic production, but are also exported to dozens of countries including Italy, China and the United Arab Emirates.
However, Iran’s crude steel output last month was only 2.3 million tonnes, worldsteel said. The main reason for the decline in exports is that after the war against Ukraine, Russia was unable to connect to the Western market due to sanctions, and could only sell a large amount of discounted steel to eastern buyers, resulting in a significant reduction in the transaction volume received by Iran.
Cyberattacks are a rising danger to organizations and enterprises of all sizes across all industries today. Storage systems may appear to have nothing to do with a company’s cybersecurity posture and policies, yet they may be the strongest defense. Some characteristics and components of virtual machine backup, such as ease of management, low cost, and storage compatibility, make it critical to protect sensitive data from ransomware attacks, assisting in the creation of impenetrable cloud storage for enterprise data centers and effectively preventing ransomware attacks. VMware Backup, Xenserver Backup, oVirt Backup, and other popular VM backup solutions are listed below.