clock menu more-arrow no yes

Filed under:

Malware attack on Iran's oil ministry: infrastructure fine, but websites taken offline

New, 13 comments

Iran's Ministry of Petroleum, as well as a number affiliated companies, were hit with a malware attack on Sunday. While the attack did not cause significant damage, it did take the oil ministry's website offline, and succeeded in stealing some site user information.

iran ministry of petroleum 1020
iran ministry of petroleum 1020

Iran's Ministry of Petroleum and a number of affiliated companies were hit with a malware attack on Sunday, the ministry confirmed. Production equipment at several locations was taken offline as a precaution, including at the Kharg Island oil terminal, where 90 percent of oil exports are handled. While an oil ministry spokesman said the attack "had not caused significant damage," it wasn't completely ineffectual. The BBC reports the attack took the oil ministry and national oil company websites offline, and that some of the sites' user data was stolen. Iran's core data on oil production is safe, however, since it's housed offline and therefore much less accessible to attackers. Following the attack a "cyber crisis management committee" was established, reports Mehr News, although the committee's mandate hasn't been made clear.

The incident is reminiscent of the 2009 Stuxnet attack on Iran's nuclear programme, when industrial controllers were attacked, damaging important gas centrifuges. However, this incident looks like it's in an entirely different league from Stuxnet. It only knocked a handful of government and private sector websites offline and otherwise seems to have caused minimal damage in terms of lost data (everything was backed up) and actual oil production.