Khouzestan Steel Company, one of Iran’s largest steel manufacturers, was targeted by hacktivist group Gonjeshke Darande (Predatory Sparrow) on 28 June.
According to reports, the steel company was said to close its plant until further notice following a cyber attack which caused technical issues. At the time of writing the Khuzestan Steel Company’s website was down.
Other targets claimed by Predatory Sparrow in a video posted on social media included the Mobarakeh Steel Company and the Hormozgan Steel Company.
The group claimed that the company continued to operate despite international sanctions. In January 2021 the US Treasury Department sanctioned several companies connected to Iran’s steel industry alleging that the revenue from the metal producers was used to find the Iranian regime and its nefarious activities.
They added that the cyber attacks were carried out in response to the “aggression of the Islamic Republic [of Iran]”.
Predatory Sparrow said its attacks were carried out “carefully so to protect innocent individuals”.
Advanced attackers
This is not the first incident in which hacktivists have targeted Iran’s critical infrastructure.
In February 2022 Iran’s national media corporation, Islamic Republic of Iran Broadcasting, was targeted and in August 2021 a cyber attack was carried out on the nation’s rail network.
Additionally, in October 2021, the group attacked Iran’s fuel distribution network which forced the shutdown of some filling stations. The attack disabled the government-issued payment cards providing subsidies to motorists in order to purchase fuel.
Speaking on the recent incident targeting steel works, Itay Cohen, Head of Cyber Research at Check Point Software, said: “The recent attack joins a flood of attacks conducted by groups portraying themselves as Hacktivists against the regime.
“The number of attacks, their success and their quality can suggest that they were conducted by an advanced attacker or attackers, perhaps a nation-state with an interest to sabotage Iran's critical infrastructure, as well as seed panic among the Iranian public and officials.”
Cohen noted that the group that has taken responsibility for the steelwork’s attacks, Predatory Sparrow, is the same that took responsibility for the attack against Iran’s railways, Iran’s broadcasting and gas stations.
What is hacktivism?
Hacktivism can be described as when threat actors are politically motivated and use cyber attacks to make political statements or further an ideology.
In the wake of the Russia–Ukraine war, world-renowned hacktivist group Anonymous called its support for Ukraine and has been carrying out cyber attacks against Russia.
In one incident, the hacktivist collectively targeted Russian state-TV channels to broadcast a short video revealing the “truth” of the conflict.
Unlike ransomware criminal groups who are typically motivated by money and use tactics to steal or hold data at ransom, hacktivist groups use disruptive techniques like distributed denial-of-service (DDoS) attacks to disrupt websites or services.
Doxing is also a common hacktivist technique where sensitive or embarrassing information is stolen and leaked.