It is very rare that hackers, operating in the digital world, cause damage in the physical world.
But the cyber attack on a steelmaker in Iran two weeks ago seems to show that this rule is not set in stone.
A group of hackers called Predatory Sparrow claimed responsibility for the attack, which according to the group caused a serious fire in the steel mill facilities.
The group also released a video containing footage recorded by the security cameras of the attacked factory, in which plant workers are seen leaving before a machine begins to spit molten steel and fire. The recording ends with people trying to put out the flames with hoses.
In another video that has surfaced online, staff at the facility can be heard shouting for firefighters and describing damaged equipment.
The start of the war
The “predatory sparrows”, also known by their Persian name Gonjeshke Darande, claim that this incident was one of three attacks they carried out against Iranian steelmakers on June 27, in response to unspecified acts of “aggression” carried out by the Islamic Republic.
The group has also started sharing gigabytes of data it claims to have stolen from companies, including sensitive emails.
“These companies are subject to international sanctions and continue their operations despite the restrictions. These cyberattacks are carefully carried out to protect innocent individuals,” the “predatory sparrows” said on their Telegram page.
It is clear that the hackers know that their actions put lives in danger, but it seems that they have tried to avoid collateral damage and ensured that the factory was empty before launching their attack. They have also made a point of publicizing these precautions.
This has led many to question whether the group is a professional, regulated team of state-sponsored military hackers, and might even be required to conduct risk assessments before launching an action.
“They claim to be a group of hacktivists, but given their sophistication, and their high impact, we believe the group is operated, or sponsored, by a country,” says Itay Cohen, head of cyber research at Check Point Software, an Israeli firm specialized in computer security.
Iran has been the victim of a number of recent cyberattacks that have had real-world impact, but nothing as serious as this.
“If this turns out to be a state-sponsored cyberattack causing physical damage – or in warfare jargon ‘kinetic’ – it could be hugely significant,” says Emily Taylor, editor of the Cyber Policy Journal.
Looking back
“Historically, the Stuxnet attack on Iran’s uranium enrichment facility in 2010 stands out as one of the few – if not the only – known example of a cyber attack causing physical damage,” adds Taylor.
Stuxnet was a computer virus first discovered in 2010 that damaged or destroyed centrifuges at Iran’s uranium enrichment facility at the ultra-secure Natanz plant, hampering its nuclear program.
Since then there have been very few confirmed cases of physical harm. Possibly the only one occurred in Germany in 2014. The German cyber authority’s annual report claimed that a cyberattack caused “massive damage” to a steel factory, causing it to close, but no further details were ever given.
There have been other cyberattacks that could have caused serious damage, but were unsuccessful.
For example, hacking groups tried unsuccessfully to add chemicals to the water supply by taking control of water treatment facilities.
It is more common for cyberattacks to cause disruptions – in transportation networks, for example – without causing actual physical damage.
Taylor says this is an important distinction, because if it is shown that a state caused physical damage to the Iranian factory, it may have violated international laws that prohibit the use of force, and would give Iran legal grounds to strike back.
The usual suspect
But which country could be behind the group? Its name, a pun on the name of the Iranian cyber warfare group Charming Kitten, could be a clue suggesting that it is a country with a strong interest in Iran.
The Stuxnet attack is believed to have been carried out by Israel, with the support of the United States. And suspicions about the origin of the “predatory sparrows” also point to Israel, something that has provoked an angry reaction from the government of that country.
Israeli Defense Minister Benny Gantz has ordered an investigation into journalists who have claimed that Israeli military forces are behind the attack on the Persian plant, the press revealed.
The government decision reveals that the minister is concerned that Israel’s “policy of ambiguity” in its operations against Iran has been broken.
In October last year, Predatory Sparrow claimed responsibility for disconnecting Iranian gas stations from the national payment system. The group also claimed to have been behind a hack that hijacked digital billboards on highways, causing them to display a message that read: “Khamenei, where is our fuel?” – a reference to the country’s supreme leader, Ayatollah Ali Khamenei.
In the latter case, the hackers sought to minimize the chaos they would create by warning the emergency services of their action in advance.
More evidence
Check Point researchers say they have also found, in the malware used by the sparrows, code that matches that used by another group, called Indra, which hacked the screens of Iranian train stations in July last year.
According to Iranian news, hackers indicated on information boards at stations across the country that trains were canceled or delayed, and urged passengers to call the supreme leader.
But experts say the attack on the steel factory is a sign that the stakes are getting higher.
According to the CEO of the Mobarakeh steel company, where the fire broke out, the operations of the plant were not affected by the attack and no one was injured.
Two other companies were also attacked and said they had no problems.
Nariman Gharib, an Iranian opposition activist in the UK and an independent cyber espionage investigator, is convinced the factory was hit.
“The attack was real, as the workers recorded a video from another angle and we saw a statement published on a company’s Telegram channel about the suspension of the production line, which was later denied,” he added.
BBC-NEWS-SRC: https://www.bbc.com/mundo/noticias-internacional-62122390, IMPORTING DATE: 2022-07-12 04:50:05