As reported by Reuters, on Friday, the country’s train services experienced delays and cancellations as ticket offices struggled to cope with the attack. However, not only did the miscreants cause severe operational issues, but those behind the situation also trolled Iranian Supreme Leader Ayatollah Ali Khamenei, who has been in office since 1989. IRIB reported that electronic boards used to display arrival and departure information to passengers at train stations were compromised. The boards asked travelers to call a number to reach a help desk for further information. However, the number actually belonged to the leader’s office. Iranian officials from the Ministry of Road and Urban Development confirmed the attack on Saturday. “Following a disruption in the staff computer systems in the headquarters of the Ministry of Road and Urban Development, the issue is under investigation by technical experts of the ministry,” the organization said. The rail service’s website now appears to be fully operational. In April, the UK’s Merseyrail network was subject to a cyberattack conducted by the Lockbit ransomware group. It appears that an Office 365 email account used by the company was compromised – and was also used to inform employees and journalists of the attack. The UK Information Commissioner’s Office (ICO) was informed of the incident. Back in 2018, Rail Europe experienced a three-month-long cyberattack leading to the theft of customer payment card data and personal information. Threat actors were able to install credit card-skimming malware on the network’s website.
Previous and related coverage
Iranian hacking group Agrius pretends to encrypt files for a ransom, destroys them insteadIranian hackers are selling access to compromised companies on an underground forumMicrosoft says Iranian hackers are exploiting the Zerologon vulnerability
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0