Last Updated on 22/11/2021 by Khushi
Iran on July 9th and 10th, 2021 was attacked by an anonymous hacking group. The hackers were conjectured to be Israelis but almost after one month, a new investigation by an Israel based company, Check point Research claimed that it was Indra group, on the bases of a thorough research. Earlier the group was responsible for attacks on Syria based companies, katerji group and Arfada petroleum.
The target of the first attack was Iran’s railway Infrastructure. On 9th July, according to Iran’s news reports, hackers displayed messages across the country’s timetable boards at railway stations, the message were about delays and cancellations of trains due to cyber attacks, which itself was a work of the hackers. The message also urged people to call on 64411, which was apparently the number of the office of country’s supreme leader Ayatollah Ali khamenei. The second attack was on 10th July and the victim was Iran’s Ministry of Roads and Urbanizations, the hackers reportedly disrupted the services of the ministry and displayed a message on the monitors of hacked computers, which said “we attacked the computer systems of the Railway Company and the Ministry of Roads and Urban Development”. Itay Cohen, the senior researcher at Check Point, believes that the hackers group responsible for the cyber attack is made up of those who are opposed by Iran’s regime.
The hackers used a malware called The Wiper and as the name suggests, it hunts for important files and then wipes them off the system or changes their passwords and makes the files hard to recover. The Wiper is said to be an advanced versions of the same, that Indra has been using since 2019, according to the research by Check point. The research also suggests that the attackers had an access to the government’s system prior to the installing of the malware.
The source of the attack is still unknown as some anticipates it to Indra Group while some speculates it to Israel. Though after these incidents, government bodies around the world must have learned a lesson and must start focusing on securing the system thoroughly since the next time an equivalent attack can occur, anytime and to anyone.
