The recent cyberattack on Iran's railroad system was the work of anti-regime hackers – not Israel, a report by cybersecurity giant Check Point Software Technologies said over the weekend.
Follow Israel Hayom on Facebook and Twitter
The July 9 strike plunged the Islamic republic railway grid into chaos with hundreds of trains delayed or canceled and millions of passengers delayed, misdirected or stranded.
Tehran immediately pointed the finger at Israel, which has remained mum on the subject. The Jewish state is often blamed for cyberattacks on Iranian infrastructure, especially with respect to any cyberattack compromising the country's notorious nuclear program.
Foreign media maintains that cyberattacks of any kind falls right in line with the long-running shadow war between Jerusalem and Tehran.
Still, Check Point's report, obtained by The New York Times, concluded that a little-known hacker group opposed to the Iranian regime was most likely the culprit in this case.
Indra, named after the god of war in Hindu mythology, is said to be a small group, operating with virtually no resource, but still able to inflict massive damage.
The Iranian Transportation Ministry admitted at the time that the breach had caused "unprecedented chaos" in the country. It also led Iran to n to attack an Israeli-owned ship a few weeks later. Two people – British and Romanian nationals – were killed, earning Iran widespread condemnation and triggering tensions in the Gulf.
In its report, Check Point said the cyberattack was carried out using a version of a hacking tool deployed in previous attacks on Iranian interests in Syria for which Indra had claimed responsibility in 2019 and 2020.
The case, the cybersecurity giant said, illustrates the threat posed by "a non-state sponsored entity… creating the same kind of havoc" as a state actor with far more resources.
Itay Cohen, a senior researcher at Check Point noted that "It is very possible that Indra is a group of hackers, made up of opponents of the Iranian regime, acting from either inside or outside the country, that has managed to develop its own unique hacking tools and is using them very effectively."
He noted that while many cyberattacks can be traced back to professional intelligence or military units "here, it seems to be something else entirely. What we are seeing here are patterns that are different from anything we have seen in the past in attacks executed by states."
Indra first surfaced on social media in 2019 and usually posts in English and Arabic. It has claimed responsibility for a series of attacks targeting companies linked to Iran and its proxies, including the Lebanon-based Hezbollah.
Subscribe to Israel Hayom's daily newsletter and never miss our top stories!
