The hacker group Gonjeshke Darande (Predatory Sparrow) recently took credit for a cyberattack that affected more than 70% of Iranian gas stations.
“We, Gonjeshke Darande, carried out another cyberattack, taking out a majority of the gas pumps throughout Iran. This cyberattack comes in response to the aggression of the Islamic Republic and its proxies in the region,” the hackers posted on X.
Gonjeshke Darande is a relatively new pro-Israel hacker group that was responsible for attacking Iranian infrastructure in 2022. While it stated that it didn’t endanger any lives, the hack in 2022 resulted in a fire.
They use similar tactics and technology as a previous hacker group, Indra. In the past, Check Point Research has linked the two groups together. Though Check Point Research found Indra didn’t have any backing from nation-states and operated independently, it’s widely believed that Predatory Sparrow has ties to the Israeli military.
According to The Times of Israel, Israeli military correspondents hinted that the attack was carried out by Military Intelligence’s Unit 8200. If both statements are true, this creates a link between Predatory Sparrow and the Israeli military.
“We delivered warnings to emergency services across the country before the operation began, and ensured a portion of the gas stations across the country were left unharmed for the same reason, despite our access and capability to completely disrupt their operation,” the hacker group said.
This abnormal level of caution may signal that they are a state-sponsored group that has rules for endangerment that normal hacker groups don’t have.
However, while Predatory Sparrow is a pro-Israel hacktivist group that acts in response to groups that support Hamas, there doesn’t appear to be any direct evidence that ties them to the Israeli military.
Iran’s civil defense agency said an investigation was underway. The Israeli government has not made any comments.