Indra, a group that identifies itself as regime opposition, conducted the cyber attack on Iran’s train system on July 9, Check Point Research (CPR) reveals.
CPR confirms that Indra was also responsible for cyber attacks against multiple companies in Syria in 2019 and 2020.
On July 9, local news outlets began reporting on a cyber attack targeting the Iranian train system, with hackers defacing display screens in train stations with messages asking passengers to call 64411, the phone number of Iranian Supreme Leader Khamenei’s office.
Train services were disrupted, and just a day later hackers took down the website of Iran’s transport ministry. The ministry’s portal and sub-portal sites went down after the attack targeted computers at the Ministry of Roads and Urban Development.
Indra’s tools destroyed data without direct means to recover it. Indra ran a “wiper”, malware designed to wipe the entire data system of critical infrastructure. It made the recovery process complicated, locked users out of machines, changed passwords and replaced wallpapers with custom messages crafted by the attackers.
Check Point recommends that governments maintain the latest security patches and data backups, improve personal cyber-awareness training, and install anti-ransomware solutions.