Pro-Israel hacktivist group brings down 70% of gas stations in Iran

Israel-aligned hacktivist group, group Gonjeshke Darande — also known as Predatory Sparrow — has claimed responsibility for a cyberattack against Iran’s gas stations, which has disrupted 70% of them, according to reports.

The attack disrupted Iran’s fuel distribution system, disabling smart cards for subsidized fuel access, leading to widespread station malfunctions and forcing some to sell gasoline at non-subsidized prices.

“We, Gonjeshke Darande, carried out another cyberattack today, taking out a majority of the gas pumps throughout Iran,” the group wrote on its Telegram channel. “This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region. This cyberattack was carried out in a controlled manner to avoid potential damage to emergency services.”  

Iran’s Petroleum Minister Javad Owji accused Israel and the US of the recent cyberattack, while Iran’s Passive Defence Organization said it is preparing a response.

Predatory Sparrow has previously claimed responsibility for several attacks on Iranian infrastructure. The group was responsible for an attack against Iran’s steel industry in 2022, and an attack on the nation’s railways in 2021 as well as an attack on the Iranian Offshore Oil Company and the Ministry of Roads and Urban Development, according to Check Point Research. 

In a 2021 report, Check Point Research analyzed the technical nature of Predatory Sparrow’s malware, analyzing its sophisticated cyberattacks on Iranian railways and Syrian infrastructure.

Predatory Sparrow, which, according to Check Point Research, appears to be a successor group to another anti-Iran hacktivist collective called Indra, employed complex wiper malware and exploited network vulnerabilities against their targets in the country.

Indra also has claimed responsibility for instructions into the Syrian airline Cham Wings. They claimed their hack revealed the movements of Islamic Revolutionary Guard Corps General Qassim Soleimani under an alias, contributing to his identification and subsequent targeting in a 2020 US airstrike, though scholars and analysts cast doubt on the validity of this claim.

Revenge for October 7

Shortly after the October 7 attack on Israel, a representative of the group told Reuters it was targeting Iran for its Hamas support and stated its readiness for future assaults and ability to inflict severe, multi-domain damage in response to any offensive actions against the country.

“When we will start, the gates of hell will open,” Predatory Sparrow said. Pro-Hamas groups supported by Iran have also hit back at Israel.

The recent cyberattack on Israel’s Ziv Medical Center, attributed by the Israel National Cyber Directorate to Iran and Hezbollah, coincides with an uptick in digital disruptions by pro-Hamas groups linked to Iran against Israeli and US targets.

The National Iranian Oil Products Distribution Company (NIOPD) announced that the smart card system – disabled by Predatory Sparrow’s attack –  would be operational again on December 19.