
    CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide

    By News Room | April 14, 2025 | 4 Mins Read

    Around the same time, CyberAv3ngers also posted on Telegram that it had hacked into the digital systems of more than 200 Israeli and US gas stations—incidents which Claroty says did occur in some cases, but were largely limited to hacking their surveillance camera systems—and to have caused blackouts at Israeli electric utilities, a claim that cybersecurity firms say was false.

    That initial wave of CyberAv3ngers hacking, both real and fabricated, appears to have been part of a tit-for-tat with another highly aggressive hacker group that is widely believed to work on behalf of Israeli military or intelligence agencies. That rival group, known as Predatory Sparrow, repeatedly targeted Iranian critical infrastructure systems while similarly hiding behind a hacktivist front. In 2021, it disabled more than 4,000 Iranian gas stations across the country. Then, in 2022, it set a steel mill on fire in perhaps the most destructive cyberattack in history. Following CyberAv3ngers’ late 2023 hacking campaign, and missile launches against Israel by Iranian-backed Houthi rebels, Predatory Sparrow retaliated again by knocking out thousands of Iran’s gas stations in December of that year.

    “Khamenei!” Predatory Sparrow wrote on X, referring to the supreme leader of Iran in Farsi. “We will react against your evil provocations in the region.”

    Predatory Sparrow’s attacks have been tightly focused on Iran. But CyberAv3ngers hasn’t limited itself to Israeli targets, or even Israeli-made devices used in other countries. In April and May of last year, Dragos says, the group breached a US oil and gas firm—Dragos declined to name which one—by compromising the company’s Sophos and Fortinet security appliances. Dragos found that in the months that followed, the group was scanning the internet for vulnerable industrial control system devices, as well as visiting the websites of those devices’ manufacturers to read about them.

    Following its late 2023 attacks, the US Treasury sanctioned six IRGC officials that it says were linked to the group, and the State Department put its $10 million bounty on their heads. But far from being deterred, CyberAv3ngers has instead shown signs of evolving into a more pervasive threat.

    Last December, Claroty revealed that CyberAv3ngers had infected a wide variety of industrial control systems and internet-of-things (IOT) devices around the world using a piece of malware it developed. The tool, which Claroty calls IOControl, was a Linux-based backdoor that hid its communications in a protocol known as MQTT used by IOT devices. It had been planted on everything from routers to cameras to industrial control systems. Dragos says it found devices infected by the group worldwide, from the US to Europe to Australia.

    According to Claroty and Dragos, the FBI took control of the command-and-control server for IOControl at the same time as Claroty’s December report, neutralizing the malware. (The FBI didn’t respond to WIRED’s request for comment about the operation.) But CyberAv3ngers’ hacking campaign nonetheless shows a dangerous evolution in the group’s tactics and motives, according to Noam Moshe, who tracks the group for Claroty.

    “We’re seeing CyberAv3ngers moving from the world of opportunistic attackers where their whole goal was spreading a message into the realm of a persistent threat,” Moshe says. In the IOControl hacking campaign, he adds, “they wanted to be able to infect all kinds of assets that they identify as critical and just leave their malware there as an option for the future.”

    Exactly what the group might have been waiting for—possibly some strategic moment when the Iranian government could gain a geopolitical advantage from causing widespread digital disruption—is far from clear. But the group’s actions suggest that it’s no longer seeking to merely send a message of protest against Israeli military actions. Instead, Moshe argues, it’s trying to gain the ability to disrupt foreign infrastructure at will.

    “This is like a red button on their desk. At a moment’s notice they want to be able to attack many different segments, many different industries, many different organizations, however they choose,” he says. “And they’re not going away.”
