ArchiveOODA Original

Iran Plagued with Almost a Dozen Explosions over a Three Week Period

Over the past few weeks, Iran has experienced an alarming amount of explosions occurring at various critical infrastructure locations. This post recaps explosions reported in the media and adds context which may help assess what will come next. 

At the time of this writing, 11 major events have been reported. Iran is a closed society and there may be many other events that have not been reported, but Iranian citizens are able to get information out via some social media and we assume that if there was a major explosion in a region with a large population word will get out. 

The alleged causes of the explosions have varied, and all official statements should be viewed with suspicion. That said, we provide what is being reported and or speculated below. Although official statements do not have much credibility, it is clear that people have been injured (at least 100). Based on the types of installations being targeted, we assess this to be part of a campaign. We cannot tell if this is a campaign orchestrated by internal Iranian factions or by a foreign nation or group of nations. We are tracking media and analysts reports that opine on who may be behind these attacks, but all of that is speculation at this point. 

Some have speculated that Israel may play a role in the suspicious events after Foreign Minister Gabi Ashkenazi stated that Iran must be prevented from developing nuclear capabilities amidst queries into whether Israel played a role in the events. The explosions may have been triggered by cyberattacks, however, some may also have been coincidental and the result of human and machine error. A BBC Persia reporter stated that he was contacted by a group of Iranian dissidents composed of former military and security force members. The group calls themselves the Homeland Cheetahs, and claimed responsibility for the attack on Natanz before it was reported by news outlets, according to the reporter. 

Events we have identified include: 

  • June 25, 2020
    • Explosion occurred at Iranian military facility in Parchin, 20km SE of Tehran
    • Iranian officials state it was a gas storage incident
      • Speculation over whether Israel had a role in the explosion
  • June 30, 2020
    • Explosion at Sina At’har medical center in Tehran
    • Casualties totaled 19, including 15 women and 4 men
    • Deputy mayor of Tehran claims the explosion was caused by a leaking gas tank 
  • July 2, 2020
    • Explosion at Iran’s largest nuclear enrichment facility in the city of Natanz
    • Serious damage to facility occurred, expected to derail Iran’s nuclear efforts
  • July 4, 2020
    • Explosion occurred at the Shahid Medhaj Zargan power plant in Ahvaz.
    • 70 injured on the same day in a subsequent chlorine gas leak in the nearby city of Mahshahr
  • July 7, 2020
    • Explosion inside an oxygen facility in Baqershahr, south of Tehran
    • 2 killed and 3 were injured in the incident
    • State news agency declared the explosion a result of “human error”
  • July 9, 2020
    • Explosion reported in western Tehran
    • Officials denied reports of the blast, however, admitted to power outages in the area
    • A gas explosion occurred in a residential building later in the day, injuring one
  • July 12, 2020
    • Explosion occurred at the Tondgooyan petrochemical plant in the city of Mahshahr, located in southwest Iran. 
    • Iranian officials state the explosion occurred due to high temperatures
  • July 13, 2020
    • Explosion at an industrial complex in the city of Mashhad, in northeastern Iran
    • Iran state media report that the explosion was a result of a malfunctioning gas condensate storage tank
  • July 15, 2020
    • Seven ships reportedly caught fire in the port of Bushehr, Iran
    • A fire occurred earlier in the day at an aluminum factory in the town of Lamerd
  • July 18, 2020
    • Explosion reported in an oil pipeline 
    • Occured in the southwest city of Ahvaz
  • July 19, 2020
    • Explosion at a power plant in the Isfahan province
    • No injuries or casualties reported 

Risk Component

The recent unexplained explosions have highlighted the vulnerability of critical infrastructure in Iran and abroad. Although the cause of the incidents is still being determined, the past month in Iran signifies a broader issue across the globe in protecting vulnerable infrastructure. In 2009 and 2010, Iran’s infrastructure and nuclear facility in Natanz was also targeted in a campaign using the Stuxnet computer worm, causing substantial damage to Iran’s nuclear program. Although there is no official party responsible for developing Stuxnet and targeting Iran through a series of cyberattacks, the campaign was largely traced back to a joint effort between the US and Israel to hinder Iran’s nuclear capabilities. Similarly, these attacks also target power plants and similar locations, resembling the Stuxnet events a decade ago. 

Likewise, facilities in the US and other countries could be targeted by retaliatory cyberattacks resulting in explosions like in Iran that appear to be human error but may actually be the work of foreign hackers. The fire at Natanz that mysteriously broke out and caused serious damage to the facility and nuclear program is reminiscent of the 2010 Stuxnet attacks. While past precedent has resulted in the suspicion largely falling on the US and Israel, the U.S. and other Western companies should recognize that similar attacks could occur at their commercial facilities as well. The potential for these retaliatory or copycat attacks should be addressed in efforts to  secure critical infrastructure to prevent and mitigate the risk of cyberattacks that damage power plants, nuclear development sites, and other areas of high importance.  Additional, attribution to Israel could instigate additional instability in the region.

Iran’s experiences over the past month could signify a quieter kind of sabotage in which its enemies target the country’s infrastructure without blatant displays of warfare such as bombings from planes or missiles. Due to the volatility of the chemicals present at the sites, it was easy to attribute the explosions to machine and human error, however, the frequency and nature of the incidents point to foreign interference instead. Similar to Stuxnet, foreign powers have found less obvious ways to mitigate threats posed by countries such as Iran, formulating cyberattacks and physical sabotage that can be just as costly and damaging as actual warfare. 



Madeleine Devost

Madeleine Devost

Madeleine Devost is a student at the University of Virginia where she is pursuing a double major in Foreign Affairs and Arabic language, with a minor in French. Madeleine has experience working in cybersecurity and open source investigations for a DC area cybersecurity firm and is a regular attendee at the Def Con hacker conference in Las Vegas. Madeleine has previously studied abroad in Greece and is planning to study Arabic in Morocco in the summer of 2020.