Uncertainties about cyber-attack on Iranian oil industry

Servers of the Iranian oil ministry have been infected with malware – that is, so far, the only confirmed piece of information on what Iranian news services have called a "cyber-attack" on the country's oil exporting industry.

At first there were reports that a hacker attack on the control system of a crude oil loading terminal on the island of Kharg was thwarted on 22 April. The oil ministry's web servers became temporarily unavailable following the attack.

Then the news was no longer about an attack from the internet but about a malware infection instead. Initially, servers were reportedly crippled by a worm; later, the media said that the incident was caused by a virus called "Wiper". According to early reports, the main servers were disconnected from the affected systems to prevent the malware from spreading. Later news items said that the central servers are generally separate from the basic systems and that they had, therefore, not been at risk.

Whatever the actual details, it appears that the malware has erased data; one report even claimed that it damaged motherboards. The ministry commented that, in any case, no relevant data was at risk because data backups are made on a regular basis. Potential data losses would only affect users' private files, it added.

The Iranian government is in the process of forming a "Supreme Council of Cyberspace" to counteract threats from the internet. The government recently denied that it plans to completely cut off its citizens from the internet.

(ehe)