A new investigation by Israeli-American cybersecurity company Check Point Software Technologies has concluded that a mysterious group opposed to the Iranian government was most likely behind last month’s cyberattack on Iran’s railroad system, The New York Times reported Saturday.
The attack caused widespread chaos with hundreds of trains delayed or canceled, and initially many fingers were pointed at Israel.
The group in question is known as Indra, named after the god of war in Hindu mythology.
“We have seen many cyberattacks connected with what are believed to be professional intelligence or military units,” Itay Cohen, a senior researcher at Check Point, told The New York Times. “But here, it seems to be something else entirely.”
The company’s report, which was reviewed by The New York Times, said the attack was a cautionary tale: An opposition group without the budget, personnel or abilities of a government could still inflict a good deal of damage.
Check Point said the hack bore striking similarities to others against companies connected to the Iranian government that Indra had claimed in 2019 and 2020.
Indra first surfaced on social media shortly before its first hacking claim in 2019 and has since posted in English and Arabic, noted The New York Times. It has claimed responsibility for a series of attacks targeting companies linked to Iran and its proxies, like Hezbollah.
The group’s Twitter account says its mission is to “bring a stop to the horrors of QF and its murderous proxies in the region,” referring to the Quds Force — the foreign-facing branch of the Revolutionary Guards — and the proxy militias it oversees around the Middle East.
The attack last month caused train services in Iran to be delayed. The hackers posted the phone number of the country's Supreme Leader, Ayatollah Ali Khamenei, as the number to call for information.
Iran has been hit by several cyber attacks in recent years. Last October, Iranian officials confirmed the country’s Port Authority had been hit in a cyberattack, which was attributed to “sworn enemies” who “failed to achieve their goals” of hitting Iran’s economy through sanctions.
In December of 2019, Iran’s telecommunications minister said the country had defused a cyberattack which was “aimed at spying on government intelligence”.
Previously, it was reported that the US had launched a secret cyberattack against Iran. The attack reportedly wiped out a critical database used by Iran’s paramilitary arm to plot attacks against oil tankers and degraded Tehran’s ability to covertly target shipping traffic in the Persian Gulf.