- Fuel stations across Iran have been disabled following an anti-government cyber attack
- Fuel pumps wouldn't function and simply displayed the code '64411' - Iran's supreme leader Ali Khamenei's phone number
- Billboards were also hacked, displaying the message "Khamenei! Where is our gas?"
- Alleged leaked Iranian documents show research into blowing up Western fuel stations
Infrastructural Denial of Service
Fuel stations across Iran were knocked offline, causing chaos. When people tried to buy fuel they instead received the message 64411 on the pump's display.
This maps to the phone number for the office of Iran’s supreme leader “Ayatollah Ali Khamenei”. Billboards have also been targeted displaying the message "Khamenei, where's our gas?".
Abolhassan Firouzabadi, the secretary of the Supreme Council of Cyberspace in Iran has said "There is a possibility that the attack, like a previous one on the railway system, has been conducted from abroad".
The railway cyberattack was carried out in July this year. Hackers posted fake messages about train delays and cancellations on electronic boards at stations. The number 64411 also made an appearance... A message on billboards said “Long delays due to cyber attacks. More information: 64411” - obviously prompting passengers to DDOS the supreme leader’s phone number.
That attack was attributed by checkpoint to Indra. The attribution wasn't hard to make as railway computers' lock screens were changed, making crystal clear who helmed the attack. It's unclear if this group is also behind the new attack.
The BBC reported a group going by the name “predatory Sparrow” is behind the campaign targeting fuel stations, a journalist posted several Telegram messages made by the group.
The messages detail the group's claims that they found a more significant vulnerability in fuel pumps but chose not to exploit it as to avoid long term damage. It is also claimed they notified emergency services in advance to avoid their disruption. However, other than these few Telegram messages there is nothing to suggest this group authored the hack.
Iran's leaked documents
Earlier this year Sky news reported that leaked documents from the Iranian state backed hacker group intelligence Team 13 detailed research into how it may be possible to blow up fuel pumps in the West by hacking into them and remotely controlling fuel flow and temperature.
The documents weren't codified plans, but more so a white paper in to what kind of hacks were theoretically possible on infrastructure.