This post is also available in: heעברית (Hebrew)

Earlier this week, almost 70% percent of Iran’s gas stations were taken down by cybergang “Predatory Sparrow”, who claimed the attack.

When the Iranian Minister of Fuel confirmed the attack had taken place, he claimed that the reason for the fuel disruptions was a cyberattack of Israel and the US. Since his announcement, the Israeli cyber group has claimed responsibility for the attack.

The group posted on its Twitter/X account: “We, Gonjeshke Darande [Predatory Sparrow], carried out another cyberattack today, taking out a majority of the gas pumps throughout Iran. This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region.”

The gang then directly addressed Iran’s leader, Ayatollah Ali Khamenei, warning him that there is a price for playing with fire.

“A month ago, we warned you that we’re back and that we will impose cost for your provocations. This is just a taste of what we have in store,” the group added and attached screenshots of documents they claimed to have acquired from the servers of the affected gas stations.

Predatory Sparrow also posted in an attempt to emphasize its efforts to minimize harming ordinary civilians, clarifying: “As in our previous operations, this cyberattack was conducted in a controlled manner while taking measures to limit potential damage to emergency services. We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to disrupt their operation completely,” it wrote in a subsequent post.

This is not the first time that this specific cyber group has claimed responsibility for a cyberattack in Iran- a major steel factory in Iran was harmed by a cyberattack in 2022, which caused a serious fire. During that attack, Predatory Sparrow released “top secret documents” that provided “evidence of these companies’ affiliation with the IRGC.” It also emphasized that it took measures to avoid harming civilians.

The cyber group wrote on its Telegram at the time of the attack: “These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber-attacks [are] being carried out carefully to protect innocent individuals.”