Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Showing posts with label Iran-based hacker group. Show all posts

Iran-Linked Hackers Targeted US Fuel Tank Systems Through Exposed ATG Networks

 

A cyber incident linked to suspected Iranian hackers targeted U.S. gas station fuel monitoring systems, exposing weaknesses in critical infrastructure. Internet-connected ATG systems lacking password protection reportedly allowed attackers to gain access without stolen credentials. Though designed to track fuel levels automatically, these systems became vulnerable because of poor security controls. 

The incident highlights how basic operational technology flaws can create major risks. Weakly protected infrastructure remains an attractive target for cyberattacks. Remote access features, while convenient, can become dangerous when left exposed online. 

Many of these monitoring tools operate quietly in the background until compromised. Security experts warn that even simple protections could have blocked the intrusion. Each exposed device increases risks across connected infrastructure networks. Although the attackers reportedly altered displayed fuel readings, authorities said the actual fuel levels inside storage tanks were not changed. 

Even so, cybersecurity specialists stressed that compromised ATG systems could still disrupt operations or create confusion during emergencies. Experts have warned for years that insecure fuel monitoring systems could become targets for hackers or state-backed groups seeking to impact critical services. Growing tensions involving the United States, Iran, and Israel have fueled suspicions around Iranian-linked cyber activity. Analysts noted similarities between this incident and earlier attacks tied to Iran targeting fuel distribution infrastructure. 

While officials have not publicly confirmed attribution, researchers said the timing and techniques resemble previous Iran-associated operations. Cybersecurity and Infrastructure Security Agency acknowledged reports of malicious activity involving automated tank gauge systems across critical sectors. While the agency stopped short of blaming Iran directly, it urged organizations to strengthen protections immediately. 

Recommendations included removing ATG systems from direct internet exposure, implementing strong passwords, reviewing logs regularly, and improving monitoring for suspicious behavior. Experts say modern geopolitical conflicts increasingly extend into digital systems supporting everyday life. Attacks targeting fuel infrastructure can trigger economic disruption, supply chain instability, and public panic even without causing physical damage. 

A relatively small cyber incident can still send a strategic message by demonstrating access to systems relied upon by millions. Many cybersecurity professionals continue warning that operational technology environments remain especially vulnerable because they often rely on outdated systems, weak segmentation, and limited visibility. Attackers frequently focus on these environments because even simple techniques can produce large-scale disruption. 

Researchers also pointed to lessons from the Colonial Pipeline ransomware attack, which caused fuel shortages and emergency declarations across multiple U.S. states in 2021. Experts believe similar attacks today could create ripple effects well beyond the originally targeted facilities. 

Security specialists now argue that industrial systems and connected devices should receive the same level of protection as traditional IT networks. Stronger segmentation, automated compliance checks, continuous monitoring, and recovery planning are increasingly viewed as necessary safeguards as cyber threats against critical infrastructure continue to grow.

Iranian Hackers Threaten More Trump Email Leaks Amid Rising U.S. Cyber Tensions

 

Iran-linked hackers have renewed threats against the U.S., claiming they plan to release more emails allegedly stolen from former President Donald Trump’s associates. The announcement follows earlier leaks during the 2024 presidential race, when a batch of messages was distributed to the media. 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded by calling the incident “digital propaganda,” warning it was a calculated attempt to discredit public officials and mislead the public. CISA added that those responsible would be held accountable, describing the operation as part of a broader campaign by hostile foreign actors to sow division. 

Speaking virtually with Reuters, a hacker using the alias “Robert” claimed the group accessed roughly 100 GB of emails from individuals including Trump adviser Roger Stone, legal counsel Lindsey Halligan, White House chief of staff Susie Wiles, and Trump critic Stormy Daniels. Though the hackers hinted at selling the material, they provided no specifics or content. 

The initial leaks reportedly involved internal discussions, legal matters, and possible financial dealings involving RFK Jr.’s legal team. Some information was verified, but had little influence on the election, which Trump ultimately won. U.S. authorities later linked the operation to Iran’s Revolutionary Guard, though the hackers declined to confirm this. 

Soon after Trump ordered airstrikes on Iranian nuclear sites, Iranian-aligned hackers began launching cyberattacks. Truth Social, Trump’s platform, was briefly knocked offline by a distributed denial-of-service (DDoS) attack claimed by a group known as “313 Team.” Security experts confirmed the group’s ties to Iranian and pro-Palestinian cyber networks. 

The outage occurred shortly after Trump posted about the strikes. Users encountered error messages, and monitoring organizations warned that “313 Team” operates within a wider ecosystem of groups supporting anti-U.S. cyber activity. 

The Department of Homeland Security (DHS) issued a national alert on June 22, citing rising cyber threats linked to Iran-Israel tensions. The bulletin highlighted increased risks to U.S. infrastructure, especially from loosely affiliated hacktivists and state-backed cyber actors. DHS also warned that extremist rhetoric could trigger lone-wolf attacks inspired by Iran’s ideology. 

Federal agencies remain on high alert, with targeted sectors including defense, finance, and energy. Though large-scale service disruptions have not yet occurred, cybersecurity teams have documented attempted breaches. Two groups backing the Palestinian cause claimed responsibility for further attacks across more than a dozen U.S. sectors. 

At the same time, the U.S. faces internal challenges in cyber preparedness. The recent dismissal of Gen. Timothy Haugh, who led both the NSA and Cyber Command, has created leadership uncertainty. Budget cuts to election security programs have added to concerns. 

While a military ceasefire between Iran and Israel may be holding, experts warn the cyber conflict is far from over. Independent threat actors and ideological sympathizers could continue launching attacks. Analysts stress the need for sustained investment in cybersecurity infrastructure—both public and private—as digital warfare becomes a long-term concern.

Malek Team: Iran-linked Hackers Claim to Leak Medical Records From Israeli Hospital


An alleged Iran-based hacker group has claimed responsibility for stealing thousands of medical records from an Israeli hospital and leaking them on online forums. The stolen data also includes medical information of Israeli soldiers. The hospital – Ziv Medical Center – is situated in the city of Safed, near the border of Syria and Lebanon. 

The hackers claim to have stolen 500GB of medical data dating back to 2022. The 700,000 documents purportedly contained patient medical and personal data, including disease types and prescribed medication.

Last weekend, the hacker group involved in the attack – Malek Team – after attacking the hospital, began releasing documents that included the ones containing data from the Israel Defense Force (IDF) on their Telegram channel.

While the hackers did not disclose when exactly they attacked the hospital, a warning was released last week by the Israeli National Cyber Directorate regarding an incident affecting Ziv Medical Center's computer systems.

The warning read, “The incident has been identified and contained without disrupting or affecting various systems and the operation of the medical center.” Taking precautions, the hospital temporarily took down its email server and some of its computer systems.

The security team has conducted an investigation on the issue, however, findings have yet to be released as of yet to ascertain whether or not there was an information leak. 

Israel’s newspaper The Jerusalem Post reported that this was not the first time Ziv Medical Center has fallen victim to a cyberattack. The hospital had suffered two other cyber incidents in four months. Local media outlets reported that Ziv's systems appeared to have leaked information, which was admitted by both the hospital and the Israeli privacy protection body.

Israeli officials have said that they are pursuing charges against those connected to the incident and have forbidden the use, transfer, or distribution of any information that has been disclosed.

Along with Israeli tech and media organizations, Malek Team also claimed responsibility for cyberattacks on other targets in Israel, such as Ono Academic College, which was previously targeted earlier in October.

In their ventures, the hackers have leaked several data pieces, including videos of university classes and admission interviews with students. Also, scans of victims’ passports and documents have also been released. However, the authenticity of this data has not been confirmed.