Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Malware Attack on Iran Oil Reminiscent of Stuxnet Worm Attack on Nuke Facility

By ThreatMetrix

Recently, the Iranian oil ministry said its network and the country’s main oil export terminal had been infected with malware, forcing engineers to temporarily take the system offline.

This attack immediately brought to mind the Stuxnet worm that targeted Iran’s Natanz nuclear facilities in 2010. However, according to, most security experts said it didn’t appear to be another Stuxnet, state-sponsored attack.

Dow Jones newswire reported that “the Iranian Oil Ministry, the National Iranian Oil Company, and other businesses with ties to the oil ministry were targeted … by the worm, but that it was mitigated before it could do serious damage.” And Bloomberg, quoting sources in the Iranian oil industry, said “a virus was found in the control systems of Kharg Island, where most of Iran’s crude oil export operations reside.”

According to Ali Nikzad, an oil ministry spokesperson, the only damage was to a server that offered public information. However, John Bumgarner, a security specialist with the think tank U.S. Cyber Consequences Unit, suggested the consequences could be greater than a public information server. “The reason you would put a virus inside this network to erase data is because that causes those facilities to have to shut down…. (And during the time it took to rebuild the servers), production and refinery operations for Iran could be impacted…. (D)epending on how the virus was written, it could be longer term.”

Tom Parker, chief technology officer at FusionX, offered another possible explanation. “Iran… likes to play victim on this sort of stuff, and has done (so) since Stuxnet, so I’d take any info that comes from Iranian officials, or companies with a pinch of salt.”

If Iran is “crying wolf,” it would be a far cry from what happens after a successful malware attack on a financial institution in the USA, for example. Banks and other institutions would rather not reveal to their customers and stockholders that their security had been breached. In fact, the Gramm-Leach-Bliley Act was enacted to ensure breaches were reported in a timely manner.

No matter how timely the reporting, the impact of a successful malware attack on a nation-state or on customers’ bank accounts is bound to create headaches: either the two-aspirin-and-chill-for-an-hour headache or the totally incapacitating take-to-your-bed-for-a-week-with-the-drapes-drawn migraine.
