A second cyber attack on Iran occurred within a week, and it has been attributed to the pro-Israeli hacker group known as 'Red Evil.' This group claims to have successfully targeted companies involved in the construction and development of nuclear reactors and facilities associated with the Revolutionary Guards in Iran. Their tactics involved encrypting servers and computers, rendering them inoperable. This type of attack is commonly referred to as a ransom (ransomware) attack: the victim's files are encrypted and effectively held hostage, access to the computers is lost, and sensitive information is stolen.
According to the Telegram channel of the Red Evil attack group, they managed to breach the systems of companies linked to reactor construction and Revolutionary Guards facilities. These entities were established by order of Ruhollah Khomeini, the founder of the Islamic Republic of Iran.
🚨 Power blackout in Iran due to suspected Israeli cyber attack:
A Cyber attack reported on power systems in Iran, reportedly half of Tehran cut off from electricity.
An Israeli hacker group 'Red Devil' has claimed responsibility for the power disruption across Tehran, Iran.
— OSINT Updates (@OsintUpdates) October 18, 2023
The gravity of this cyber intrusion was further emphasized when, at 8:00 PM on Monday, the hackers published a vast amount of files totaling 12 gigabytes. These files contained a trove of information, including email correspondence, IDs, passports, residential addresses of developers, development plans, physical project locations, and business plans, among other sensitive data. The attack group made it clear that they had encrypted all servers and computers, effectively disabling them, and held the encryption keys.
In typical ransom attacks, cybercriminals demand a ransom and threaten to release the stolen information if payment is not made. In this case, however, the hackers have not explicitly stated whether a ransom demand was issued.
The Red Evil group has also been implicated in a previous attack on Iran's electricity infrastructure, which resulted in power outages across the country, particularly in Tehran. These disruptions, which occurred last week, had far-reaching consequences, including the suspension of subway services in the capital, leading to traffic congestion and hampering the efforts of rescue teams in reaching areas requiring evacuation.
The hackers concluded their message with a stern warning to Iran, particularly Tehran, regarding future actions. They threatened that the next strike would be more severe, potentially causing significant casualties. They hinted at a different type of cyber attack, one that would surpass previous ones in terms of impact. Their message announcing the Tehran power outage, broadcast in both Hebrew and English before the attack, stated: "Iran? Tehran? Today at 18:00 Israel time we will surprise you. We are deep inside, and you won't even be able to turn on a light in the house. Prepare candles."