Iran appears to have has suffered a cyberattack that has disrupted and possibly damaged state websites and caused the facilities at the country’s key Kharg Island oil facility to be disconnected from the Internet, news agencies are reporting.
The Iranian Mehr news agency briefly said that the Iranian Oil Ministry, the National Iranian Oil Company which control the huge oil production terminal had been targeted by an unidentified “worm” on Sunday evening, suffering disruption but no lasting damage.
However, there are conflicting reports about the full extent of the disruption, with one quoting Oil ministry official Alireza Nikzad as saying that a “virus” had deleted user data from web servers at the two ministries in question.
The websites of the ministries were also reported to have been offline for some hours, although that alone would not be unusual – Iranian websites are often attacked even if that fact is not always reported.
Oil production at Kharg Island is not believed to have been directly affected. The disconnection of the facility is likely a standard reaction by admins when faced with a worm infection but this is impossible to confirm.
Officials quoted by news agency AFP were willing to liken the attack to the Stuxnet worm of 2010, which is widely believed to have caused significant disruption to industrial systems used by Iran’s fledgling nuclear development programme.
The country had formed a "cyber crisis committee" to cope with the cyberattack, AFP reported.
On the basis of the sketchy information coming out of the country, a Stuxnet II seems unikely. That malware was noticed across the world before its success in Iran was uncovered. The malware’s targeting or the country was largely inferred from the fact that it attacked industrial control systems used extensively in Iran.
“Whilst in an earlier attack, Stuxnet seems to have been aimed at the nation's nuclear programme, this particular attack isn’t Stuxnet – at least in the form we’ve previously seen it,” commented ESET senior research fellow, David Harley.
“The Stuxnet payload is very hardware-specific, whereas this malware appears to have stolen and/or destroyed data (depending on which report you read). It may be related, of course, especially if it turns out that it is targeted,” he speculated.
The country is also accused of being an Internet aggressor recently being accused of being behind a large and organised attack on the BBC that caused several days of problems for the Corporation.