In Septemebr 2019, some Iranian servers and websites of a couple of petrochemical firms faced a cyberattack and struggled to recover. After that attack, Iran again faced a similar situation last weekend since Saturday, Feb 8. This time it is so powerful that the alleged attack disrupted internet connection across the country.
It was NetBlocks, a non-governmental organization that monitors cybersecurity and the governance of the internet which confirmed that there was an extensive Iranian telecommunications network disruption on Saturday morning.
Internet disruption in Iran
NetBlocks uses a combination of measurement and classification techniques to identify disruptions and critical infrastructure cyberattacks in real-time. In a Tweet, the internet observatory revealed that Iran's internet connectivity drop to 75 percent after Iranian authorities reportedly activated "Digital Fortress" isolation mechanism. It should be mentioned that this particular mechanism is also known as DZHAFA.
As per Iran's IT minister, Dzhafa's project to protect the country's information security and digital infrastructure will act as a "national information network security shield." As per the authorities, this project is a national information network security shield which along with the development of technology, also protects people's privacy and aims to combat cyberattacks, support the continuation of digital services, prevent fraud, disseminate information and detect malware.
The threat analysis report
As per the NetBlocks' report, Sadjad Bonabi, a spokesperson for Iran's Telecommunication Infrastructure Company who is also affiliated to the ministry of ICT and Iran's only telecom infrastructure provider, Tweeted that:
"At 9:30 am today, due to a distributed denial-of-service attack, the Internet has been hampered by some fixed and mobile operators for an hour, which is now normalized with the intervention of the Dzhafa Shield and the efforts of its communications infrastructure partners."
DDoS attack
Distributed Denial of Service or DDoS is a type of cyberattack that tries to make a website or network resource unavailable. In this case, attackers coordinate the use of hundreds or thousands of devices across the internet to send an overwhelming amount of unwanted to the target, which could be a company's website or network.
It should be noted that almost any type of internet-facing connected device could become a resource for a potential DDoS, such as the Internet of Things (IoT) devices, smartphones, personal computers and powerful servers.
As reported by Financial Tribune, Bonabi said, "No sign of state sponsorship of the attack has been detected yet. The attack's sources and destinations were highly distributed. Spoofed source IPs from East Asia and North America were used in the DDoS attack."
Iran cyberattacks
This recent incident is one addition in the long list of alleged cyberattacks against Iran. Earlier in 2019, it was reported that the US had launched an offensive digital attack campaign on Iran to disable the computer systems used to control rocket and missile launches.
International Atomic Energy Agency (IAEA) ex-director Dr Tariq Rauf has claimed that cybersecurity threat to nuclear weapon deterrent is an emerging challenge and pointed out that US and Israel have opened a "new Pandora's Box by launching a cyber-attack against Iran."
