On July 9, 2021 Iran International reported that a system-wide disruption of Iran’s railroads was probably due to a cyberattack, Now it appears that the attackers had penetrated the system at least a month earlier.

The first report explained that hundreds of operations on the railroads had been delayed or cancelled with thousands of passengers stranded. The Iranian national railroad website was unavailable, but it isn’t clear whether it was taken down by the authorities or the hackers. Attackers had taken control of announcements at two airports and posted anti-government messages.

On July 16, 2021, Iran International reported further details on the railroad attack from “an information security office at the presidential administration.” The attackers apparently penetrated the system in early June, and had been preparing the payloads from late June onwards.

The attack vector seems to be inadequate security from users working from home and not observing security protocols, but was exacerbated by “existing weaknesses in the systems, not guarding passwords, not updating antivirus software and insufficient investment in cyber security.”

Once the attackers had gained access, they began changing the loading protocols and user passwords. They also prevented the ability of admins to access the system remotely, and they disabled recovery systems.

While the attack may have been to embarrass the incoming president, it could simply have been a reprisal attack in response to continuing Iranian cyberattacks against other countries.

Iran is considered to be the West’s third most sophisticated and active cyber adversary, behind China and Russia. Actions against it are not limited to those from Israel. On June 22, 2021, the U.S authorities seized a range of Iran’s state-linked news websites they accused of spreading misinformation. 

Thirty-three of the seized sites were used by the Iranian Islamic Radio and Television Union, and were accused of spreading disinformation designed to sow discord among U.S. voters ahead of the 2020 elections.