
NIOPDC Hack Cripples Gas Stations in Iran

The National Iranian Oil Products Distribution Company (NIOPDC) was out of service for a day due to a cyberattack that affected the entire fuel distribution network.


The National Iranian Oil Products Distribution Company (NIOPDC) was out of service for a day due to a cyberattack that affected the entire distribution network. The network, which has been supplying oil products for over 80 years, consists of more than 3,500 stations across the country.

Because critical infrastructure in the country was targeted, Iran suspects a state-sponsored attack; however, the attacker has not been identified and the cause is unknown.

As a result of the security breach, citizens were held up at the gas stations for hours and were left without fuel.

After the hack, a message reading “cyberattack 64411” was displayed on the machines. The message relates to the July cyberattack on Iran’s train services, which followed a similar pattern: the railway message boards were modified and messages from the hackers were flashed on them.

Customers who are entitled to get subsidized fuel at 5 cents or 20 cents a liter under the government scheme were greeted with the hacker’s message “cyberattack 64411”.

Predator or The Hunted

Iran and cyberattacks are inseparable; the country is often at the forefront as the party behind cyberattacks, particularly those targeting Israel and the U.S.


Iranian hackers are generally considered less advanced in technical exploitation, such as the use of zero-day vulnerabilities, than their well-resourced counterparts in Israel, Russia, or China, who are considered experts in social engineering attacks.

A high number of ransomware and cyber espionage cases have been attributed to the Iranian hacker community.

Security experts at Proofpoint had discovered an active social engineering campaign by Iran-based threat actors, who impersonated scholars from the University of London’s School of Oriental and African Studies (SOAS) to target senior think tank personnel, journalists, and professors.