New Details On Iranian Railroad Cyberattack

Over the weekend, Iran’s railroad system was hit by a cyberattack, first revealed on July 9, 2021, by the FARS news agency, which has ties to the Revolutionary Guard, a branch of the Iranian Armed Forces. According to the new information, the attackers appear to have breached the railroad’s IT systems at least a month before the incident.

Hundreds of trains in Iran were canceled or delayed after the hacker attack. The country’s rail website was offline, too, possibly because of the incident.

It was not clear whether the message posted on the station notice boards was an official government warning or a hacker’s message. Previously, however, attackers had managed to access airport announcement boards to post anti-government messages.

The most recent message read “Long delays due to cyberattack” and included a phone number. “The number might belong either to the office of President Hassan Rouhani or Supreme Leader Ali Khamenei. It is not clear if hackers have posted the information or the authorities,” Iran International wrote.

It’s possible that the attack was carried out to humiliate Ebrahim Raisi, who will become the new president of Iran. It’s likely that the country’s enemies were trying to cripple him before he takes over.

According to the newspaper, Iran regularly becomes a target of Israeli hackers. Israel is widely believed to have caused a blackout at an Iranian nuclear facility in April 2021.

According to further details on the railroad attack shared by Iran International, the attackers infiltrated the country’s railroad system in early June and had been preparing payloads for the attack since then.

The attackers seem to have taken advantage of inadequate security measures taken by staff working from home. The attack was also exacerbated by existing weaknesses in the systems, like “not guarding passwords, not updating antivirus software and insufficient investment in cyber security.”

The attackers then started changing the loading protocols and passwords. They prevented administrators from remotely accessing the system and disabled recovery.

The attack could have also been a reprisal for Iran’s actions against other countries, according to the news media.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.