The Israeli company Check Point released new findings over the weekend related to the cyber attack that disrupted the train system in Iran last month. As mentioned, the Israeli researchers analyzed the attack tools used by the hackers, based on an Iranian company’s initial publication about the attack, and found that they are very similar, both technically and operationally, to attack tools used against several companies in Syria in recent years.
Check Point analyzed files used in the attack on the railway system and the Ministry of Transportation and Urban Development in Iran, and linked the attack to a group of hackers identified as “Indra”. The members of the group identify themselves as opponents of the Iranian regime, and in their attacks they used a “Wiper” tool, which destroys and deletes the information on the computers, leaving no possibility of recovering it. Pictures of messages against Iran, Hezbollah and the Quds Force of the Revolutionary Guards in Iran were displayed on the victims’ screens.
The recent attacks against the railway system in Iran are an example of the ability of a single group to cause significant disruptions by damaging various display systems, including temporary display panels on platforms. Check Point urges governments around the world to take the threat seriously, install security updates on systems, back up data and improve their employees’ awareness of information security.
Itai Cohen, a senior cyber researcher at the company, explained: “We have become accustomed to thinking that although non-state hacker groups are capable of carrying out cyber attacks with real damage, they do not do so – but this is not committed to reality.” He stressed that serious disruptions of the kind that have occurred in Iran “can also happen in Berlin, Tokyo, or New York. The damage that a single attack group can cause to critical infrastructures around the world is real.”
As you may recall, the sequence of attacks took place in early July, when reports were published in Iran of a cyber attack disrupting the country’s train system. The hackers behind the attack displayed the phone number “64411” on the train monitors as the number to call for more information. It later emerged that this number belongs to the office of Supreme Leader Ali Khamenei. The next day, the website and computers of the Ministry of Transport and Urban Development in Iran were also attacked by the same group.