Almost a month after Iran’s railroad system came under cyber attack, with hackers posting fake messages about train delays or cancellations on display boards at stations across the country, the victim country had pointed fingers at Israel. However, a recently concluded investigation by the Israeli American cybersecurity company Check Point Software Technologies has revealed that a ‘mysterious’ attacker led to the failure of Iran’s railroad system. According to a report by the New York Times, the investigators decrypted the name of the attacker behind the July cyber attack: ‘Indra’. The report also said that the same group of attackers was involved in other similar cyber attack incidents in 2010. It is worth mentioning that the group, Indra, is named after the god of war in Hindu mythology.
When the group attacked the Iranian train system, it posted “long-delayed because of cyberattack” or “cancelled” on the boards. The attackers also urged passengers to call for information, listing the phone number 64411, which is reportedly the contact number of the office of the country’s supreme leader, Ayatollah Ali Khamenei. Explaining the recent investigation, Itay Cohen, a senior researcher at Check Point, said that he had solved many cases involving cyberattackers in his career. Usually, it is believed that cyber attackers are associated with professional intelligence or military units. However, he added that the recent attack was different. The senior researcher said that the recent attack narrates a cautionary tale: an opposition group without a government’s budget, personnel, or abilities could still inflict a good deal of damage.
Hacker group developed unique hacking tools: Reports
Further, the researcher noted that the same group was involved in other incidents against companies connected to the Iranian government. “It is very possible that Indra is a group of hackers, made up of opponents of the Iranian regime, acting from either inside or outside the country, that has managed to develop its own unique hacking tools and is using them very effectively,” Cohen said. In December that year, Iran’s telecommunications ministry said the country had defused a massive cyberattack on unspecified “electronic infrastructure” but provided no specifics on the purported attack. It was unclear whether the reported attack caused any damage or disruptions in Iran’s computer and internet systems and whether it was the latest chapter in the U.S. and Iran’s cyber operations targeting the other.