Cyberv3ngers: Iranian saboteurs hacking water and gas systems around the world


Almost at the same time, Cyberv3ngers also posted on Telegram that it had hacked the digital systems of more than 200 Israeli and US gas stations – attacks that people at Claroty say were, in some cases, largely limited to hacking their surveillance systems – and claimed to be shut down in Israeli.

The initial wave of Cyberv3ngers hacks, whether real or fabricated, appears to be part of a tit-for-tat with another very aggressive hacker group that is believed to work on behalf of Israeli army or intelligence organizations. The rival group, known as Predatory Sparrow, has repeatedly targeted Iranian critical infrastructure systems, while similarly hiding behind a hacktivist front. In 2021, it deactivated more than 4,000 Iranian gas stations across the country. Then, in 2022, it set a steel factory on fire in the most destructive cyber attack in history. Following the Cyberv3ngers hacking campaign in late 2023 and the launch of a missile against Israel by Iranian-backed Houthi rebels, Predatory Sparrow retaliated again by disabling thousands of Iranian gas stations in December of that year.

“Khamenei!” Predatory Sparrow wrote in Persian, referring to Iran’s supreme leader. “We will respond to your evil provocations in the area.”

The Predatory Sparrow attacks are strongly focused on Iran. But Cyberv3ngers did not limit itself to Israeli targets or even Israeli-made devices used in other countries. In April and May last year, Dragos says, the group breached a US oil and gas company – Dragos refused to endanger Sophos and Fortinet Security. Dragos found that in the following months, the group was scanning the Internet for vulnerable industrial control system devices as well as visiting the manufacturers’ websites to read about them.

Following the late 2023 attacks, the US Treasury sanctioned six IRGC officials that it says were related to the group, and the State Department has put a $10 million bounty on its head. But far from being deterred, Cyberv3ngers has shown signs of evolving into a wider threat.

Last December, Claroty revealed that Cyberv3ngers had infected a wide range of industrial control systems and Internet of Things (IoT) devices around the world using a piece of malware it created. The tool, which Claroty calls iocontrol, was a Linux-based backdoor that hid its communications in the MQTT protocol used by IoT devices. It was planted on everything from routers to cameras to industrial control systems. Dragos says devices infected by the group have been found around the world, from the United States to Europe to Australia.

According to Claroty and Dragos, the FBI took control of the command-and-control server for iocontrol at the same time as Claroty’s December report and neutralized the malware. (The FBI did not respond to Wired’s request for comment on the operation.) But, according to Noam Moshe, who follows the group for Claroty, the Cyberv3ngers hacking campaign shows a dangerous transformation in the group’s tactics and motivations.

“We are witnessing Cyberv3ngers moving from the world of opportunistic invaders, in which their whole purpose is a message, to the realm of a continuous threat,” Moshe says. “They wanted to contaminate all kinds of assets that are known as important and only leave their malware there as an option for the future,” he said.

Exactly what this group may be waiting for – probably the strategic moment at which the Iranian government can gain geopolitical advantage from widespread digital disruption – is far from clear. But the group’s actions indicate that it is no longer seeking only to send a message of protest against Israeli military action. Instead, Moshe argues that it is trying to obtain the ability to disrupt foreign infrastructure.

“It’s like a red button on their desk. At one point they want to attack different sectors, different industries, many different organizations, but they choose,” he says. “And they don’t go away.”
