Predatory Sparrow

 








About

Predatory Sparrow (in Persian, Gonjeshke Darande) is a group of self-proclaimed hacktivists that carried out numerous attacks against Iranian railway systems and Iranian steel plants. They are suspected to be connected to or sponsored by a nation state. They claimed that they carried out all the attacks cautiously, so as not to harm innocent individuals, and that they warned Iran's emergency services beforehand. A possible suspect is Israel.

Targeted Attacks

Predatory Sparrow has attacked many national and international companies in Iran, among other countries like the USA, UAE, etc.:
  1. Taking Iran's national fuel station payment system offline in October 2021.
  2. Hacking Iranian train stations in July 2021.
  3. A failed attempt to raise chlorine levels in Israel's water supply to dangerous levels.
  4. Targeting Iran's state-owned companies like Khouzestan Steel Company (KSC), Mobarakeh Steel Company (MSC), and Hormozgan Steel Company (HOSCO).
No significant damage was reported at HOSCO and MSC. However, an industrial machine at KSC malfunctioned, causing a fire and spilling molten steel on the factory floor. In addition, files containing top secret data and thousands of these companies' emails about their customers and trading practices were stolen, and some of them were even published. The websites of MSC and KSC went offline, and the production line at KSC was shut down for a few days. The hacking group even gained access to the Telegram channel.

Method

According to research by Certfa Lab, a non-profit cybersecurity and privacy group, the hackers might have gained access via a third-party software vulnerability and not through a direct cyber operation against these companies' infrastructure. Their attack was noteworthy because such large-scale hacking requires impressive intelligence and physical penetration of the facilities. The group also published a video showing factory workers leaving a part of the plant before a machine started spewing molten steel and fire, and ending with people spraying water from hoses.

Motive

According to Predatory Sparrow, the companies were targeted because they are subject to international sanctions and continue their operations despite the restrictions. The threat actors declared that they attacked in response to the act of aggression committed by the Islamic Republic.

Conclusion

An investigation claims to link these attacks to Israel. If it is proven that a state did physical damage to the Iranian steel factory, it might have violated the international law prohibiting the use of force. It may also give Iran a chance to fight back legally. The cyber operation has also been put in context with the Stuxnet attack.












































