Iran Uncovers Malware at Petrochemical Plants

Iran has said that it has discovered industrial malware at two of its petrochemical complexes.

According to the Tehran Times, “Necessary defensive measures were taken” after the malware was detected and removed, said brigadier general Gholam-Reza Jalali. He added that the malicious code was not linked to recent blazes at Iranian plants.

An examination by Iran’s National Cyberspace Council showed that the supply chain was at issue—an increasingly common attack vector. “Investigations indicated that the industrial software packages, bought from foreign countries, were already corrupted,” said Jalali.

He didn’t comment on the extent of the incursion or any damage, but he did say that the software wasn’t implicated in the fires that have plagued Iran’s industrial sector in the past couple of months, because it wasn’t active at the time.

“The discovery of this industrial virus is not related to recent fires,” he said.

A string of mysterious fires has taken various plants partially or entirely offline. Earlier this month, a blaze erupted at a petrochemical complex at the Imam Khomeini port, in southwestern Iran—one of the country’s largest. July meanwhile saw two fires: one broke out at the Bistoon Petrochemical Complex in the western province of Kermanshah, with another large-scale burn at the Bu Ali-Sina refinery in the southwest city of Bandar Mahshahr. The latter raged on for more than two days, reported the Times of Israel.

Investigations continue as to whether the petrochemical conflagrations stemmed from some other kind of cyber-attack. But Iran’s oil minister Bijan Namdar Zanganeh told the Times of Israel that the fires were a result of cutbacks in health and safety inspections, thanks to the privatization of the plants.

This is not the first time that Iran’s industrial sector has been targeted, of course. In the wake of the Stuxnet attack by the US and Israel on its nuclear facilities in 2009, the country has been upgrading its cyber-defenses, the Tehran Times reported, including “homegrown firewalls for its sensitive facilities, including nuclear, military and economy sites.”
