According to a report produced by Check Point research, Iran’s steel manufacturing industry has been subject to ongoing cyberattacks that previously affected the country’s rail system. The same malware used in cyberattacks against Iranian steel plants is also connected to an attack against the rail system last year, leading researchers to believe that there may be a connection. In both cases, the malware was used to inflict physical damage to critical infrastructure. Check Point Research states that the contextual clues, recycled jokes, and overlaps in code all point to the fact that the attacks, occurring a year apart, may be attributed to the same threat actor.
The potential motives behind the cyberattacks may be to severely impact Iran’s capabilities as they pertain to critical infrastructure such as public transportation and steel production centers. According to reports, employees noticed that a steel billet production line began to spark and malfunction on June 27 at the Khuzestan Steel Corporation. The company confirmed that the attack was addressed before more serious events could take place. On Twitter, a user appeared to claim responsibility for the attack, however, this has not been verified. The user cited the attackers’ motives, claiming that the companies continue to operate as normal despite being subject to international sanctions. In addition, the post claimed that the attacks were in response to the aggression of the Islamic Republic. As previously mentioned, the post has not been verified and it is unclear if the user is connected to the attacks that occurred this year and last.
Read More: Latest Cyberattack Against Iran Part of Ongoing Campaign