Over the weekend, an Iranian government agency boasted that they’d successfully blocked a cyberattack that had targeted the networks of the Oil Ministry and the National Iranian Oil Company (NIOC).
After the proclamation was made early Saturday, the head of IT at the NIOC, Ahmad Tavallaei, posted to the Iranian Oil Ministry’s website that a technical problem – not a cyberattack – was the cause of network problems, which eventually led to a temporary shutdown.
In April 2012, the NIOC took several systems offline after malware was detected inside the control systems of Kharg Island oil terminal, which handles the majority of Iran’s crude oil exports.
Iran often reports to state media that they have stopped a cyberattack launched by the west – Israel or the U.S., but as this weekend’s report shows, often their claims do not match the facts. Still, since it was revealed that the U.S. (and allegedly Israel) was behind Stuxnet and Duqu, Iran can cry wolf all they want and still have a somewhat valid argument for their claims.
The last time they used Stuxnet in context was on Christmas Day 2012. According to ISNA, the state’s media agency, Ali Akbar Akhavan said that a virus “penetrated some manufacturing industries in Hormuzgan province,” but progress was halted after Iran gained some help from “skilled hackers.”
The Christmas attack had occurred over several months, Akhavan noted, and it used malware that was “Stuxnet-like.” One of the targets of the Christmas attack was Bandar Abbas Tavanir Co.
According to the company’s website, they oversee electricity production and distribution in Hormuzgan and other adjacent provinces. This led Iran to speculate and blame the west for additional infrastructure attacks.
Interestingly, once the Christmas Day attack was carried by international media, Iran attempted to walk back their claims, and blamed inter-agency confusion for misleading statements.