March 22, 2023

On July 9, 2021 Iran International reported that a system-wide disruption of Iran’s railroads was probably due to a cyberattack, Now it appears that the attackers had penetrated the system at least a month earlier.

The first report explained that hundreds of operations on the railroads had been delayed or cancelled with thousands of passengers stranded. The Iranian national railroad website was unavailable, but it isn’t clear whether it was taken down by the authorities or the hackers. Attackers had taken control of announcements at two airports and posted anti-government messages.

On July 16, 2021, Iran International reported further details on the railroad attack from “an information security office at the presidential administration.” The attackers apparently penetrated the system in early June, and had been preparing the payloads from late June onwards.

The attack vector seems to be inadequate security from users working from home and not observing security protocols, but was exacerbated by “existing weaknesses in the systems, not guarding passwords, not updating antivirus software and insufficient investment in cyber security.”

Once the attackers had gained access, they began changing the loading protocols and user passwords. They also prevented the ability of admins to access the system remotely, and they disabled recovery systems.

While the attack may have been to embarrass the incoming president, it could simply have been a reprisal attack in response to continuing Iranian cyberattacks against other countries.

Iran is considered to be the West’s third most sophisticated and active cyber adversary, behind China and Russia. Actions against it are not limited to those from Israel. On June 22, 2021, the U.S authorities seized a range of Iran’s state-linked news websites they accused of spreading misinformation. 

Thirty-three of the seized sites were used by the Iranian Islamic Radio and Television Union, and were accused of spreading disinformation designed to sow discord among U.S. voters ahead of the 2020 elections.

Tags:

1 thought on “Iranian Cyber Attack Update Emerge

  1. Pingback: Destructive Meteor Wiper Used in Iran Attack – TheCyberThrone

Leave a Reply

Related Post

Google blocks Pinduoduo App amid Security Concerns

Google blocks Pinduoduo App amid Security Concerns

March 22, 2023
Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023

You may have missed

Google blocks Pinduoduo App amid Security Concerns

Google blocks Pinduoduo App amid Security Concerns

March 22, 2023
Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
DotRunpeX – Malware Injector Spreads in Wild

DotRunpeX – Malware Injector Spreads in Wild

March 21, 2023
Killnet Targets Healthcare Azure Resources

Killnet Targets Healthcare Azure Resources

March 21, 2023
NBA suffers a Data Breach – Third Party Provider Data Stolen

NBA suffers a Data Breach – Third Party Provider Data Stolen

March 21, 2023
%d bloggers like this: