Gas stations from the National Iranian Oil Products Distribution Company (NIOPDC) have stopped working today due to a cyberattack that affected the entire distribution network.
The incident has generated a string of hacks on electronic road billboards to show messages demanding an explanation or asking for fuel.
The NIOPDC network has more than 3,500 stations across the country and has been supplying oil products for more than 80 years.
Hackers echo previous attack
An investigation is looking into the cause of the disruption and there is no public information about who did it at this moment but Iran is blaming a hostile country.
A clue, which could also be a false lead, is a message displayed on the machines reading “cyberattack 64411.”
The note is a reference to a cyberattack in July that disrupted Iran’s train service. The attackers also modified the railway message boards to say that hackers caused the trains to be delayed or canceled and displayed the phone number for the office of Supreme Leader Ali Khamenei.
Research from cybersecurity company SentinelOne revealed that Iran’s train station system was targeted with malware specifically built to delete data (file wiper) called Meteor that had not been seen before.
Today’s attack left some Iranians waiting for hours for the gas stations to open and were left without fuel.
According to media reports, the “cyberattack 64411” message appeared to customers that tried to get subsidized fuel at 5 cents a liter or 20 cents a gallon using government-issued cards.
As news spread about the NIOPDC distribution network being under attack, digital billboards in multiple cities in Iran started to show messages reading “Khamenei! Where’s our fuel?” and “Free fuel in Jamaran station.”
According to BBC journalists Shayan Sardarizadeh and Kian Sharifi, the Iranian state television confirned the reports of a cyberattack hitting gas stations and Iran’s Supreme Council of Cyberspace believes the incident is state-sponsored, although it is early to say which country is behind it.