Mysterious hacker group is suspected in July cyberattack
TEL AVIV, ISRAEL >> When a cyberattack on Iran’s railroad system last month caused widespread chaos, with hundreds of trains delayed or canceled, fingers naturally pointed at Israel, which has been locked in a long-running shadow war with Iran.
But a new investigation by an Israeli American cybersecurity company, Check Point Software Technologies, concluded that a mysterious group opposed to the Iranian government was most likely behind the hack. That is in contrast to many previous cyberattacks, which were attributed to state entities. The group is known as Indra, named after the god of war in Hindu mythology.
The company’s report, which was reviewed by The New York Times, said the attack was a cautionary tale: An opposition group without the budget, personnel or abilities of a government still could inflict a good deal of damage.
In cases where Iran has acknowledged it was a victim of a cyberattack, it usually accused foreign countries. But after the attack July 9 on the railway system, Iran did not blame anyone, and there was no claim of responsibility.
Check Point said the hack bore striking similarities to others against companies connected to the Iranian government that Indra had claimed in 2019 and 2020.
Indra first surfaced on social media shortly before its first hacking claim in 2019. It has claimed responsibility for a series of attacks targeting companies linked to Iran and its proxies, like Hezbollah, the Lebanese militant group.
On the day of the train attack, an announcement appeared on electronic timetable boards at railroad stations across Iran saying, “Long delays due to cyberattacks.” The message itself was the work of the hackers.