Was Internet in Iran Hit by DDoS Attack?
NetBlocks Describes Extensive Disruption of Service
Over the weekend, an extensive disruption to Iran's telecommunication networks knocked out about 25 percent of the country's internet service for several hours, according to NetBlocks, a nonprofit organization that tracks internet freedom across the globe.
The disruption, which took place at about 11:45 a.m. local time Saturday, caused an initial outage of cellular and fixed-line services in Iran for nearly an hour, with the country only able to partially recover its full internet service several hours after the incident, NetBlocks says. The incident appears to have affected Iran's Telecommunications Infrastructure Co., which is the sole provider across the country, the report notes.
"Partial recovery was observed one hour after the initial shutdown, but other networks returned some seven hours after the incident onset," according to the NetBlocks report. "National connectivity fell to a low point of 75 percent of ordinary levels for a period during the morning."
Confirmed: Internet partially shut down #Iran from 11:45 a.m. local time (08:15 UTC); real-time network data show national connectivity fall to 75% after authorities reportedly activated "Digital Fortress" isolation mechanism; incident ongoing
— NetBlocks.org (@netblocks) February 8, 2020
https://t.co/Qb8bxYUT71 pic.twitter.com/bsETg1Sfxb
What exactly caused Saturday's outage is not clear, although some Iranian officials with the Telecommunications Infrastructure Co. noted on Twitter that it appears a distributed denial-of-service attack was waged against its telecom infrastructure. This then triggered the country's Dzhafa Shield, a cyber defense tool designed to protect Iran’s digital infrastructure, according to security analysts.
To monitor various internet outages throughout the world, NetBlocks researchers track IP addresses in real time to determine changes in network patterns.
Other Disruptions
Since December, Iranian officials have reported the country has sustained several cyber incidents that appeared designed to disrupt the telecommunications infrastructure and internet services.
On Dec. 11, for example, Iranian officials told Reuters that the country had repelled a "major cyberattack" launched by a foreign government, although those officials declined to name the country involved.
In addition, Iran closed down internet access in November during mass street demonstrations in protest of the government, according to a previous report from NetBlocks.
Nation-State Attack Denial
The recent internet outage in Iran comes in the aftermath of the death of Iranian Major General Qasem Soleimani, who was killed Jan. 3 in a U.S. drone strike. That event sparked cybersecurity concerns as the tensions between Washington and Tehran increased (see: US Conflict With Iran Sparks Cybersecurity Concerns).
Sajjad Bonabi, an official with Iran's Telecommunications Infrastructure Co., says that this weekend's disruption was not carried out by a nation-state attacker, but he refused to give any additional details about what may have caused it or describe the extent of the damage to the country's infrastructure, Iranian English daily Financial Tribune reports.
"No sign of state sponsorship of the attack has been detected yet," Bonabi said.
In October 2019, Reuters reported that the U.S. carried out a secret cyber operation against Iran after the country targeted two Saudi Arabian oil facilities in a drone attack. The incident led to the shutting down of those facilities and a surge in global crude oil pricing.
In December, Iranian officials told Reuters that they had stopped a major cyberattack against their country, although it's not clear if the officials were referring to the alleged U.S. incident or a different operation.