Hacktivist Group Attack Three Iranian Steel Companies
Industry: Critical Infrastructure | Level: Strategic | Source: CyberScoop
A cyberattack on Monday, June 27th, 2022, has impacted three Iranian steel companies with the threat actors deploying wiper. A hacktivist group under the alias “Gonjeshke Darande,” has claimed responsibility on Telegram and Twitter. As reported by CyberScoop, "A video shared by the group, with a date stamp of June 27, appears to show equipment being damaged and a subsequent fire, with firefighters rushing in to extinguish the flames. Operations at one of the companies, Khuzestan Steel — reportedly one of Iran’s largest — were suspended as a result of the attack." This is the same group responsible for an attack on the Iranian railway system in July 2021, also involving the deployment of wiper malware. The attack caused massive delays and disruptions in service. Researchers from SentinelOne have been tracking this threat group since the 2021 attack on the Iranian railway mentioned the group “used a variety of false fronts” associated with the alias Indra, Gonjeshke Darande, Predatory Sparrow, and potentially, Edalat Ali.