Cyber Incident Victim: Iran

On June 27, 2022, Iran's steel production facilities in the southern region experienced a disruptive cyberattack during morning operations, as reported by the Fars news agency citing Iran's National Cyber Center. The attack temporarily impacted manufacturing processes before being neutralized by defensive measures. A hacking group identifying itself as Gonjeshk’e Darandeh (translated as "Killer Sparrow") publicly claimed responsibility for the intrusion, though independent verification of their involvement remained unavailable. This marked another instance of the group's alleged cyber activities against Iranian infrastructure, following previous unverified claims of targeting the nation's IT systems. Iranian authorities attributed the assault to "foreign enemies," maintaining continuity with their established pattern of blaming external adversaries for cybersecurity incidents without providing forensic evidence. The operational disruption represented a tangible impact on industrial output, though its duration and financial consequences were not quantified in available reports.

This incident occurred against a backdrop of escalating cyber operations against Iranian critical infrastructure throughout 2022. Prior targets had included nuclear facilities at Natanz and Karaj, Tehran's Evin Prison, and the municipal administration systems of the capital city. Iranian officials consistently attributed these coordinated attacks to Israel, though no government entity formally claimed responsibility for the steel industry breach. The National Cyber Center's intervention succeeded in restoring production systems following the initial compromise. No data exfiltration or secondary impacts beyond temporary operational disruption were documented in available accounts. The recurrence of such incidents highlighted persistent vulnerabilities within Iran's industrial control systems despite established cybersecurity institutions.