Rewterz Threat Update – Iranian State-Owned Company Halts Production After Cyberattack

Severity

High

Analysis Summary

A cyberattack led the Iranian state-owned Khuzestan Steel Company, one of the major steel companies owned by the Iranian government, to halt production. This appears to be one of the biggest attacks on the country’s strategic industrial sector in recent memory.

Khuzestan Steel Company has a monopoly on steel production in Iran along with two other major state-owned firms. The company was compelled to suspend operations in order to prevent damage to the production lines and disruption to the supply chains to which it belongs.

According to the Iranian news channels, the attempt was unsuccessful since the plant’s activities were halted at the time due to an energy outage.

The CEO of the company said:

“Fortunately with time and awareness, the attack was unsuccessful,”

An anonymous hacking group, named Gonjeshke Darande, claimed responsibility for the social media attack, saying it targeted Iran’s three largest steel companies in response to the Islamic Republic’s aggression.

Several cyberattacks have targeted Iranian infrastructure in recent years. One attack disrupted gas stations operated by the state-owned National Iranian Oil Products Distribution Company (NIOPDC) throughout Iran. The Iranian railroad system was also targeted by a cyberattack, with threat actors spreading false information about delays or cancellations of the trains.

Impact

• Halt in Production
• Cyber Espionage

Remediation

• Passwords – Ensure that general security policies are employed including: implementing strong passwords, correct configurations, and proper administration security policies.
• Admin Access – limit access to administrative accounts and portals to only relevant personnel and make sure they are not publicly accessible.
• WAF – Web defacement must be stopped at the web application level. Therefore, set up a Web Application Firewall with rules to block suspicious and malicious requests.
• Patch – Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
• Secure Coding – Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
• 2FA – Enable two-factor authentication.
• Antivirus – Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using a multi-layered protection is necessary to secure vulnerable assets