Israeli Cyber Experts: What’s Behind the Cyberattack on Iran?


A cyberattack disrupted the sale of subsidized fuel in Iran on October 26, shutting down a government system that manages fuel subsidies, state media reported.

The attack, which caused long queues at gas stations across the country, comes weeks before the anniversary of the 2019 street protests that followed fuel price hikes.

Who could have been behind the attack and what was it trying to gain? “I think that the attack was perpetrated by a state actor and not by some kind of a small group,” claims Guy Mizrahi, a serial entrepreneur and a cyber expert, in a special interview with iHLS. “The reason is we are talking about a multidisciplinary attack, involving both IT capabilities and capabilities that have consequences on OT and SCADA products.”

“I find it most interesting to ask why a state actor would want to perpetrate such an attack when it actually didn’t cause economic damage to the Iranian state, but rather to citizens’ resentment against the establishment,” Mizrahi asks. “The question arises why the attacking body will decide to burn capacity for gaining a profit that is confined to psychological warfare?”

Is it possible that this is a matter of making war on Iranian public opinion a high priority? The question remains open to interpretation.

Can an attack of this magnitude occur against Israel? Mizrahi estimates that “in Israel, the situation is different since the fuel market is distributed among several companies and is not concentrated in one place as in Iran. In order to achieve a significant effect in Israel, an attack on port facilities and refineries is required.”

Another aspect of the attack is the ongoing cyber conflict in the Middle East, says Boaz Dolev, CEO, Clearsky, a cyber intelligence company operating in Israel during the last decade. “The assailants in this conflict come not only from the Middle East but also from the US, China, and Russia.”

Why did the attackers choose this mode of operation? Dolev believes that the attack on the refueling cards in Iran was intended to create deterrence and send a hint to the Iranians. “We discovered a Telegram channel that relates to the attack and claims responsibility. Moreover, it appears that emergency organizations in Iran had been alerted to refuel their vehicles before the attack, apparently in order to refrain from risking human lives. This may prove that the attack was perpetrated by a state actor and not by criminals. However, we do not have the means to trace the attack to a specific actor.”

During the last three years, there has been an ongoing conflict between Israel and Iran in the cyber arena. Dolev believes that the recent attack should be seen against the backdrop of Iranian attacks against Israel in the last several weeks. “The attack may have been a signal to the Iranians that they had crossed the line.” “In any event, Israel’s cyber capabilities are far more powerful than Iran’s capabilities,” Dolev concludes.