In a significant cyber incident, gas stations across Iran experienced sudden shutdowns as part of a cyberattack targeting the nation’s fuel supply system. Approximately 70% of gas stations were disabled, with Israeli media and Iranian state TV attributing the disruptions to a widespread cyberattack. The group responsible, known as Gonjeshke Darande or Predatory Sparrow, claimed online responsibility, stating that the cyberattack was conducted in a controlled manner to limit damage to emergency services.
The group asserted that warnings were delivered to emergency services, and a portion of gas stations was intentionally left unharmed. Predatory Sparrow, previously associated with a 2021 cyberattack on Iranian gas stations, has also been linked to attacks on the nation’s steel foundries and railway systems. While experts believe the group may be nation-state-sponsored or part of a military intelligence unit, no specific government affiliation has been established. The group’s focus on Iranian critical infrastructure suggests an adversarial relationship with Tehran. Israel and Iran have a history of engaging in cyber conflicts, with The New York Times attributing the 2021 cyberattack on Iranian gas stations to the Israeli government.
The cyberattack is viewed in the context of a broader cyber conflict between Iran and Israel. Predatory Sparrow’s claim that the attack was in response to the “aggression of the Islamic Republic and its proxies in the region” indicates a retaliatory motive. The group re-emerged from a self-declared hiatus in October, mentioning events in Gaza, and it has been implicated in previous cyber incidents with alleged connections to both the Israeli government and the anti-Tehran group Mujahedin-e-Khalq (MEK). As gas stations resume service through manual operations, Iranian officials, including Oil Minister Javad Owji and President Ebrahim Raisi, have acknowledged the cyberattack, calling for an investigation into the incident.