An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US- and Israel-based water and fuel management systems, according to security researchers.
While IOCONTROL is a custom-built backdoor for hijacking IoT devices, it also has a "direct impact" on operational technology (OT) including fuel pumps used in gas stations, according to Claroty's Team82.
The threat intel group analyzed a sample deployed on a Gasboy fuel management system during an attack attributed to CyberAv3ngers, an Islamic Revolutionary Guard Corps (IRGC)-affiliated group. The malware was embedded in Gasboy's Payment Terminal, called OrPT, which means that the attackers could have fully shut down fuel services and potentially stolen customers' payment information, or so we're told.
"We've assessed that IOCONTROL is a cyberweapon used by a nation-state to attack civilian critical infrastructure," Team82 asserted in a December 10 report.