{"id":1482,"date":"2022-06-30T17:05:00","date_gmt":"2022-06-30T10:05:00","guid":{"rendered":"https:\/\/dt-corp.com.vn\/?p=1482"},"modified":"2022-06-30T17:05:00","modified_gmt":"2022-06-30T10:05:00","slug":"behind-the-news-cyberattack-forces-iranian-state-owned-steel-plant-to-stop-production","status":"publish","type":"post","link":"https:\/\/dt-corp.com.vn\/?p=1482","title":{"rendered":"Behind the News: Cyberattack forces Iranian state-owned steel plant to stop production!"},"content":{"rendered":"<p>With the constant increase of cyber attacks on industrial entities and critical infrastructure, it\u2019s clear that industry sectors around the world are susceptible to a variety of attacks. Last Monday (June 27, 2022) it happened at a steel plant in Iran, as part of the escalating cyber warfare tensions worldwide. Attacks on industrial infrastructure have been continuous in the Middle East. During the past year we witnessed cyber attacks on petrol stations and camera systems in Iran, and last week an attack on local \u201calert systems\u201d in Israel.<\/p>\n<p>One of Iran\u2019s major steel companies claimed it was forced to halt production after being hit by a cyberattack, making it one of the biggest assaults on the country\u2019s strategic industrial sector in recent years.<\/p>\n<p>The state-owned Khuzestan Steel Company, which is currently under U.S. sanctions, said experts had determined the plant had to stop work until further notice \u201cdue to technical problems\u201d following \u201ccyberattacks.\u201d So far the company has not blamed any specific group for the alleged attack.<\/p>\n<p>The hacking gang named Gonjeshke Darande, which has claimed responsibility for previous attacks on Iranian infrastructure, subsequently posted a video on Twitter stating that it had hacked Khuzestan as well as two other steel plants. 
The gang went on to publish not only a video of the machine explosion, but also pictures of the HMI (the user interface or dashboard that connects a person to a machine, system, or device), as well as a picture of the network.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-4159\" src=\"https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-167-300x240.png\" sizes=\"auto, (max-width: 691px) 100vw, 691px\" srcset=\"https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-167-300x240.png 300w, https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-167-1024x819.png 1024w, https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-167-768x615.png 768w, https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-167.png 1141w\" alt=\"\" width=\"691\" height=\"553\" \/><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-4161\" src=\"https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-168-1-300x146.png\" sizes=\"auto, (max-width: 781px) 100vw, 781px\" srcset=\"https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-168-1-300x146.png 300w, https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-168-1-1024x499.png 1024w, https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-168-1-768x375.png 768w, https:\/\/www.radiflow.com\/wp-content\/uploads\/Screenshot-168-1.png 1466w\" alt=\"\" width=\"781\" height=\"380\" \/><\/p>\n<p>[Twitter source \u2013 https:\/\/bit.ly\/3HYVInd].<\/p>\n<p>Our Radiflow experts and analysts shared a few insights about this incident.<\/p>\n<p>For one, the intrusion vector is still unknown, so we don\u2019t know which vulnerability was exploited to gain access. 
It\u2019s important to mention (although we see this over and over again) that most OT infrastructures are neither well segmented nor protected well enough from connected IT networks\/environments. In addition, outdated\/unpatched operating systems on the OT servers and workstations of SCADA and DCS environments, combined with the lack of IDS (intrusion detection systems), which can detect early signs of suspicious activity, contribute to easy adversarial lateral movement within the plant.<\/p>\n<p>Even if the attackers do obtain access, executing an attack is still not an easy task. They need a domain expert so they can create the desired effect at the desired time and place (as was shown in the footage, assuming it is authentic).<\/p>\n<p>Another issue worth pointing out is the relation between the attack on the ICS and the attack on the plant CCTV systems. The breach of, and subsequent full control over, the CCTV cameras allowed the hackers to achieve a number of goals: validate and control the physical effects, exfiltrate the footage and post it later as proof for demonstration purposes, and show the vulnerability not only of OT environments but of physical security systems as well.<\/p>\n<p>Lastly, and important to mention, is network visibility. This is critical for the attackers as well as for the defenders. 
The network diagram posted by the hacking group shows that knowledge of network connectivity and its vulnerabilities plays a critical role in hacking activities and, even more so, in defensive operations.<\/p>\n<p>Radiflow expects further exploitation of critical infrastructure and strategic manufacturing facilities worldwide by various hacking groups, for various reasons. Proper and correct implementation of cyber security tools for industrial environments, including OT network visibility, intrusion detection, virtual breach-attack-simulation and, in general, risk management, is therefore a vital part of organizations\u2019 strategy for strengthening their cybersecurity posture.<\/p>\n<p>[source \u2013\u00a0<a role=\"link\" href=\"https:\/\/abcn.ws\/3ORbrqN\">https:\/\/abcn.ws\/3ORbrqN<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"<p class=\"tx-excerpt\">With the constant increase of cyber attacks on Industrial entities and Critical infrastructures, it\u2019s clear industry sectors around the world are susceptible to a variety of attacks, and last Monday (June 27, 
2022)","protected":false},"author":3,"featured_media":1483,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13],"tags":[],"class_list":["post-1482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/dt-corp.com.vn\/wp-content\/uploads\/2022\/06\/AP19129338484369-640x400-1.jpg","_links":{"self":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1482"}],"version-history":[{"count":1,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1482\/revisions"}],"predecessor-version":[{"id":1484,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/posts\/1482\/revisions\/1484"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=\/wp\/v2\/media\/1483"}],"wp:attachment":[{"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dt-corp.com.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}