NIOPDC, a state-owned natural gas distribution company in Iran, is suspected of being attacked by a network. Gas stations across the country have software failures, which prevent them from correctly billing and collecting payments. Inexplicably, politically-related content is displayed on gas pump screens and billboards.
Therefore, NIOPDC temporarily closed the gas station operation, and drivers waited in long queues for refueling, which triggered a large-scale discussion on social networks;
The Iranian Oil Ministry responded in the afternoon, blaming the incident on a software glitch, and the affected gas stations also resumed operations.
Suspected of being affected by a cyber attack, software malfunctions occurred at gas stations across Iran, and abnormal political content was inexplicably displayed on gas pump screens and gas billboards.
The incident occurred on the morning of October 26 (yesterday) and mainly affected the IT network of NIOPDC. NIOPDC is an Iranian state-owned gas distribution company that manages more than 3,500 gas stations across the country.
According to local media reports and social media sources, the cyberattack resulted in the “cyber attack 64411” being displayed on the gas pump screen at the NIOPDC gas station.
The abnormal Display on the gas pump screen did not affect the normal refueling, but NIOPDC soon realized that the attacked oil pump could not be billed and collected correctly, so it assigned employees to shut down the operation of the gas station.
At the same time that many gas stations in Iran stopped operating, a photo began to circulate online. The photo shows “cyber attack 64411” displayed on a small screen at a gas station. 64411 is the phone number of the Office of the Supreme Leader of Iran.
— Iran International English (@IranIntl_En)
In addition, the words “cyber attack 64411”, as well as “Khamenei where is the gas?” (Khamenei, where is the gas?) and “Free gas at [local gas station’s name]” (free gas, all in[油站名称]).
64411 is the office number of Iranian Supreme Leader Ayatollah Saeed Ali Khamenei.
Iran’s railway system was attacked 3 months ago
On July 9 this year, in another cyber-attack on Iran’s railway system, the same number was also tampered with on large screens at railway stations across the country. The attackers asked travelers to call the Iranian leader and ask him why the train was delayed.
The incident of tampering with the large screen of the Iranian railway station was found to be related to the Meteor data erasure malware.
Iranian gas stations have been targeted in this nationwide cyberattack. “64411” was displayed on the digital screen of the oil pump; “Khamenei, where is our petrol?” appeared on some billboards
— Shayan Sardarizadeh (@Shayan86)
According to Jahan News, despite a wealth of evidence on social media, a spokesman for Iran’s oil ministry apparently downplayed the nature of a “cyber attack” in an official statement released that afternoon, blaming the incident on a software glitch.
A follow-up report from Jahan News also mentioned that the affected gas stations have now resumed refueling operations.