Jewish Business News

Cyber, Security

Check Point Reveals Culprit Behind Iranian Trains Cyberattack

The group is called Indra.

Wallpaper set up by the Indra actor on victims’ machines, taking responsibility for the attacks and blaming the Katerji Group for “supporting terrorists” and “trading souls” (Check Point)

In July, a cyberattack disrupted train services in Iran. Now Israel’s Check Point Research has unmasked the culprits behind the attack. Check Point found that it was carried out by Indra, a small group opposed to the current Iranian regime.

Indra is named after the Hindu God of War. Indra’s official Twitter account states that they are “aiming to bring a stop to the horrors of QF (Quds Force) and its murderous proxies in the region.”

Iranian news outlets at the time reported that the hackers posted false messages about train delays or cancellations on information boards at stations across the country. The hackers also advised travelers to call a phone number for further information. As it turned out, the number given belongs to the office of the country’s supreme leader, Ayatollah Ali Khamenei.

Itay Cohen, a senior researcher at Check Point, said, “It is very possible that Indra is a group of hackers, made up of opponents of the Iranian regime, acting from either inside or outside the country, that has managed to develop its own unique hacking tools and is using them very effectively.”

Describing the cyberattack as a “successful politically motivated attack on Iranian infrastructure,” Check Point Research attributed it to a non-state-sponsored actor. “This specific attack happened to be directed at Iran, but it could as easily have happened in New York or Berlin,” explains Check Point.

The attacks took place on July 9th and 10th, 2021, and hit the systems of Iranian Railways and the Ministry of Roads and Urban Development. Check Point Research investigated these attacks and found multiple pieces of evidence that they relied heavily on the attacker’s previous knowledge and reconnaissance of the targeted networks.


Check Point found the attack to be “tactically and technically similar to previous activity against multiple private companies in Syria which was carried at least since 2019.” The attackers developed and deployed within victims’ networks at least 3 different versions of the wiper dubbed Meteor, Stardust, and Comet, explained the company.

“Judging by the quality of the tools, their modus operandi, and their presence on social media, we find it unlikely that Indra is operated by a nation-state actor,” explained Check Point.

The company went on to explain in its report exactly how the cyberattack was carried out. It was done using a type of malware known as a wiper.
