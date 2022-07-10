
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?

Joe Tidy - Cyber reporter
The steel factory shortly before the fire

It's extremely rare for hackers, who operate in the digital world, to cause damage in the physical world.

But a cyber-attack on a steel maker in Iran two weeks ago is being seen as one of those significant and troubling moments.

A hacking group called Predatory Sparrow said it was behind the attack, which it said caused a serious fire, and released a video to back up its story.

The video appears to be CCTV footage of the incident, showing factory workers leaving part of the plant before a machine starts spewing molten steel and fire. The video ends with people pouring water on the fire with hoses.

In another video that surfaced online, factory staff can be heard shouting for firefighters to be called and describing damage to equipment.

Predatory Sparrow, also known by its Persian name, Gonjeshke Darande, says this was one of three attacks it carried out against Iranian steel makers on 27 June, in response to unspecified acts of "aggression" carried out by the Islamic Republic.

The group has also started sharing gigabytes of data it claims to have stolen from the companies, including confidential emails.

On its Telegram page Predatory Sparrow posted: "These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber-attacks, being carried out carefully to protect innocent individuals."

That last sentence has pricked the ears of the cyber-security world.

Clearly the hackers knew that they were potentially putting lives in danger, but it seems they were at pains to ensure the factory floor was empty before they launched their attack - and they were equally eager to make sure everyone knew how careful they had been.

This has led many to wonder whether Predatory Sparrow is a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.

"They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state," says Itay Cohen, head of cyber research at Check Point Software.

Predatory Sparrow has a Telegram channel, Twitter account and even a logo

Iran has been the victim of a spate of recent cyber-attacks that have had an impact in the real world but nothing as serious as this.

"If this does turn out to be a state sponsored cyber-attack causing physical - or in the war studies jargon 'kinetic' damage - this could be hugely significant," says Emily Taylor, editor of the Cyber Policy Journal.

"Historically the Stuxnet attack on Iran's uranium enrichment facilities in 2010, has been highlighted as one of the few - if not the only known - example of a cyber-attack causing physical damage."

Stuxnet was a computer virus first discovered in 2010 that damaged or destroyed centrifuges at Iran's uranium enrichment facility in Natanz, hampering its nuclear programme.

Since then there have been very few confirmed cases of physical damage.

An Iranian government handout showing work at the Natanz nuclear facility
Natanz is heavily protected, with its most sensitive machinery housed deep underground

Possibly the only one came in 2014 in Germany. In the annual report of the German cyber authority it was stated that a cyber-attack caused "massive damage" to a steel factory, causing an emergency shutdown, but no further details have ever been given.

There have been other cyber-attacks that could have caused serious damage but didn't succeed. For example, hackers have tried but failed to add chemicals to the water supply by taking control of water treatment facilities.

It's more common for cyber-attacks to cause disruption - to transport networks for example - without causing real physical damage.

Emily Taylor says it's a significant distinction because if a state is proven to have caused physical damage to the Iranian steel factory it may have violated international laws prohibiting the use of force, and provided Iran with legal grounds to hit back.

So if Predatory Sparrow is a state-sponsored military hacking group, which country does it represent? Its name, a play on the name of the Iranian cyber-warfare group, Charming Kitten, could be a clue suggesting that it's a country with a strong interest in Iran.

The Stuxnet attack is widely thought to have been carried out by Israel, with support from the US. And this time the murmurings linking the Predatory Sparrow attack with Israel have been loud enough to prompt a response from the Israeli government.

According to Israeli media reports, defence minister Benny Gantz has ordered an investigation into leaks that led to Israeli journalists heavily hinting that Israel is behind the hack.

The minister is reportedly concerned that Israel's "ambiguity policy" on its operations against Iran might have been broken.

"If this cyber-attack is state-sponsored then of course Israel is the prime suspect. Iran and Israel are in a cyber-war, and officially both states acknowledge this," says Ersin Cahmutoglu from The Centre for Iranian Studies in Ankara.

"Both states mutually organise cyber-attacks through their intelligence services and everything has escalated since 2020 when retaliation came from Israel after Iran launched a failed cyber-attack on Israeli water infrastructure systems and attempted to interfere with the chlorine level."

Predatory Sparrow hijacked road signs to spread chaos in Iran

In October last year Predatory Sparrow claimed responsibility for taking Iran's national fuel station payment system offline. The group also said it had been behind a hack that hijacked digital billboards on roads, making them display a message saying, "Khamenei, where is our fuel?" - a reference to the country's supreme leader, Ayatollah Ali Khamenei.

Again, the hackers showed a degree of responsibility by warning Iran's emergency services in advance about the potential chaos that could result.

Check Point researchers say they have also found code in the malicious software used by Predatory Sparrow that matches code used by another group, called Indra, that hacked Iranian train station displays in July last year.

According to Iranian news reports, hackers indicated on information boards at stations across the country that trains were cancelled or delayed, and urged passengers to call the supreme leader.

But experts say the steel factory attack is a sign that the stakes are getting higher.

In August 2021 train station displays were hacked causing confusion to rail users

According to the CEO of Mobarakeh Steel Company, where the fire apparently took place, the plant's operations were not affected by the attack and no-one was hurt. The two other companies targeted also said they experienced no problems.

Narim Gharib, a UK-based opposition Iranian activist and independent cyber-espionage investigator, is convinced the video is genuine. He notes that two other videos of the fire were also posted on Twitter.

"The attack was real, as workers recorded video from another angle and we saw a statement posted on one company's Telegram channel regarding the suspension of the production line, which was later denied."

He fears a threshold has now been crossed.

"If Israel is behind these attacks, I think they are showing that they can do real damage rather than just disrupting a service. It shows how things can quickly escalate."
