Hackers work in the digital realm, and it is quite rare for them to harm people or property in the real world.
However, the cyberattack on an Iranian steel manufacturer two weeks ago is considered one of those critical and worrying instances.
Predatory Sparrow, a hacker collective, claimed responsibility for the attack, which it said started a severe fire. The organisation also released a video to support its claim.
In the video, which looks like CCTV footage of the incident, a machine spews molten steel and fire.
Factory workers were seen exiting a section of the plant before this happened. The video closes with individuals using hoses to spray water on the flames.
Factory workers can be heard yelling for firefighters to be summoned and reporting equipment damage in another video that recently leaked online.
Predatory Sparrow, also known by its Persian moniker Gonjeshke Darande, claims this was one of three attacks it launched against Iranian steel producers on June 27 in retaliation for unspecified “violence” by the Islamic Republic.
Additionally, the gang has been disseminating gigabytes of material, including private emails, that it claims to have taken from the businesses.
Posted on Predatory Sparrow’s Telegram page: “Despite being subject to international sanctions, these businesses carry on with business as usual. These cyberattacks are being carefully executed to safeguard innocent people.”
The cyber security community has taken notice of that last sentence.
The hackers were aware that they could endanger lives, yet it appears that they went to great lengths to verify that the manufacturing floor was vacant before launching their attack. They also seemed keen to demonstrate how cautious they had been.
Many have questioned whether Predatory Sparrow is a skilled and strictly regulated group of state-sponsored military hackers and have speculated that they may even be required to conduct risk assessments before launching an operation.
According to Itay Cohen, head of cyber research at Check Point Software, “They claim to be a group of hacktivists, but given their competence and tremendous impact, we assume that the group is either operated or sponsored by a nation-state.”
There have been several recent cyberattacks against Iran that have had an effect in the real world, but nothing as severe as this.
According to Emily Taylor, editor of the Cyber Policy Journal, “if this does turn out to be a state-sponsored cyberattack producing physical – or in the parlance of war studies ‘kinetic’ damage – this might be immensely significant.”
One of the few, if not the only, recorded instances of a cyberstrike causing physical harm is the Stuxnet attack on Iran’s nuclear enrichment facilities in 2010, according to historical accounts.
Stuxnet was a computer virus, first identified in 2010, that hindered Iran’s nuclear development by damaging or destroying centrifuges at its Natanz uranium enrichment plant.
Possibly the only other instance occurred in Germany in 2014. A cyberattack on a steel production facility resulted in “significant damage,” forcing an emergency shutdown, according to the German cyber authority’s yearly report, but no further information has ever been provided.
Other cyberattacks that had the potential to do significant harm were unsuccessful. For instance, by seizing control of water treatment facilities, hackers attempted but failed to introduce chemicals to the water supply.
Cyberattacks are more likely to impair systems, such as transportation networks, without really causing physical harm.
It’s an important distinction, according to Emily Taylor, because if a state is found to have physically damaged the Iranian steel mill, it may have broken international law barring the use of force and given Iran the right to retaliate.
Which nation does Predatory Sparrow represent if it is a state-sponsored military hacking group?
Its moniker, a parody of the name of the Iranian cyber-warfare outfit Charming Kitten, may provide a hint as to the identity of the attacker, indicating that it is a nation with a keen interest in Iran.
Most people believe that Israel carried out the Stuxnet strike with US assistance. This time, there have been enough rumblings attributing the Predatory Sparrow assault to Israel that the Israeli government has responded.
Israeli media claims that Benny Gantz, the defence minister, has ordered an investigation into leaks that prompted Israeli journalists to strongly imply that Israel was responsible for the breach.
According to reports, the minister is worried that Israel’s “ambiguity policy” about its operations against Iran may have been compromised.
“Israel is the top suspect if this cyberattack was state-sponsored, of course. Iran and Israel are engaged in a cyberwar, which both countries formally admit,” says Ersin Cahmutoglu of ADEO Cyber Security Services in Ankara.
The problem has gotten worse since 2020, when Israel replied after Iran attempted to interfere with the chlorine level in Israeli water infrastructure systems through a botched cyberattack. Both regimes coordinate cyberattacks through their intelligence services.
Predatory Sparrow claims that it took down Iran’s national fuel station payment system in October of last year.
Additionally, the group claimed responsibility for a hack that forced digital billboards along roads to display the words “Khamenei, where is our fuel?”, a reference to the country’s supreme leader, Ayatollah Ali Khamenei.
Once more, the hackers have shown some accountability by forewarning Iran’s emergency services of the possible turmoil that might ensue.
In addition, Check Point analysts say they have discovered, in the malicious software used by Predatory Sparrow, code that is identical to malware used by another group known as Indra, which compromised Iranian railway station displays in July of last year.
Iranian news reports claim that hackers announced the cancellation or delay of trains on information boards at stations around the nation and asked passengers to call the supreme leader.
The steel factory attack, however, is an indication that the stakes are rising, according to experts.
The operations of the facility were unaffected by the attack, and no one was wounded, according to the CEO of Mobarakeh Steel Company, where the fire appears to have occurred. The other two companies claimed they had experienced no issues.
The video is authentic, according to Nariman Gharib, an independent cyber-espionage investigator and Iranian opposition campaigner who is located in the UK. He mentions that two further videos of the fire were uploaded on Twitter.
A message was sent on one company’s Telegram channel claiming the manufacturing line had been suspended, which was then refuted, according to Gharib.
“Workers took footage from a different viewpoint revealing the attack,” he says.
He worries that a line has been crossed. “Israel is proving, in my opinion, that it is capable of more than just causing service to be halted if it is behind these attacks. It serves as an example of how things may get out of hand.”