Originally published by The Meir Amit Intelligence and Terrorism Information Center, Iran bulletin number 165.
Ali-Reza Nikzad, a spokesman for the Petroleum Ministry, confirmed on Monday, April 23, that in recent days the information systems of the Petroleum Ministry and the National Petroleum Company have been under a cyber attack. He said that the virus, which attacked the computers for the purpose of deleting the information they contained, burned the motherboards of computers connected to public servers and deleted some of the information. He stressed, however, that the most important information of the Petroleum Ministry was intact, since the public servers attacked operate separately from the main servers, which are not connected to the external internet network. He added that all the ministry’s information is backed up (Fars, April 23).
ISNA News Agency reported that servers used by the Petroleum Ministry and a number of related companies had been attacked by a virus dubbed “Viper”. According to the report, the attack began last month and peaked earlier this week. The news agency reported that the cyber police started investigating the incident (ISNA, April 23).
Mehr News Agency reported that, as a result of the attack, Iran’s main oil terminal in the Persian Gulf island of Kharg was disconnected from the internet to avoid further damage. The terminal is used for the export of about 90 percent of Iranian oil. In addition, all the internet systems in the Petroleum Ministry, the National Petroleum Company, the National Gas Company, and several other companies associated with the oil sector and petrochemical industries have been cut off as of Sunday. According to the news agency, the cyber attack caused no damage to oil production and export and did not disrupt the country’s gasoline supply systems. (Mehr, April 23).
Following the cyber attack, the Petroleum Ministry established a crisis headquarters. Hamidollah Mohammadnejad, the head of Passive Defense Committee at the Oil Ministry, reported that the headquarters was established to prevent the attack from going any further and investigate whether it was carried out from inside Iran or from elsewhere.
Fars News Agency said that the cyber attack is yet another expression of the economic war waged by the West against Iran, whose main objective is to hit the strategically important oil sector. Western countries, according to Fars, are trying to carry out a cyber attack against the oil sector due to the failure of the economic sanctions they have imposed on Iran. Fars said that the defense infrastructure should be enhanced to better cope with cyber attacks, arguing that proper management can turn most crises into opportunities. The cyber attack has shown, the news agency said, that even though the minister of telecommunications called on government ministries to relocate their computer servers and internet infrastructure into Iran, many government organizations’ servers still rely on infrastructure located abroad (Fars, April 23). In the past, Gholam-Reza Jalali, the head of Passive Defense Organization, said that Iran’s energy sector is a main target for cyber attacks and called for strengthening the Oil Ministry’s defense infrastructure against cyber threats.
The Supreme Leader has recently issued a directive on the establishment of a “Supreme Cyber Council”, whose responsibilities include the integration of efforts to prevent cyber attacks. Headed by the president, the council members include the Majles speaker, the chief of the judiciary, the head of Iran Broadcasting, the ministers of telecommunications, Islamic guidance, intelligence, and science, the chairman of the Majles Culture Committee, the chairman of the Islamic Propagation Organization, the chief of the Revolutionary Guards, the commander of the internal security forces, as well as seven experts on internet and information technology. The new council was instructed to promptly establish a “National Cyber Center” to take charge of issues pertaining to cyberspace in Iran and elsewhere, including software, hardware, and internet content.