CyberCrimeSecuritySecurity Management

Iran Removes Malware From Petrochemical Plants – Report

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Iran takes ‘necessary defensive measures’ after malware is discovered at two of its petrochemical plants

The threat of malware in industrial facilities has been highlighted once again this week after malicious software was found in two petrochemical plants in Iran.

The Iranians have now reportedly undertaken ‘necessary defensive measures following the malware infection.

No Fire Link

The discovery of the malware comes amid recent fires in some of the country’s petrochemical facilities.

But it seems as though the Iranians have rejected any link to the malware and the fires, despite initial speculation linking the fires to cyber attacks. Indeed, Iran’s National Cyberspace Council had announced that it was investigating whether the recent fires were caused by a cyber attack.

But the Iranian oil minister has now been quoted by Reuters as saying that most of the fires in petrochemical plants happened because the privatised petrochemical companies had cut their budgets for health and safety inspections.

“In periodical inspection of petrochemical units, a type of industrial malware was detected and the necessary defensive measures were taken,” brigadier general Gholam-Reza Jalali, head of Iran’s civilian defence, was quoted as saying by the state news agency IRNA.

“The discovery of this industrial virus is not related to recent fires,” he added.

Meanwhile the Tehran Times, quoting Jalali, said that the malware was introduced into the petrochemical plants following the purchase of industrial software from aboard.

“Investigations indicated that the industrial software packages, bought from foreign countries, were already corrupted,” Jalali was quoted as saying.

Iranian centrifuge stuxnetIranian Cyberattacks

Iran of course has reason to be very wary of cyberattacks after the Stuxnet malware caused carnage to Iranian nuclear infrastructure in 2009 and 2010.

That malware was widely believed to have been created by the United States and Israel, and it is said to have damaged nearly 3,000 centrifuges in the Natanz facility in Iran.

But malware targeting industrial systems are not new. In June for example FireEye Labs discovered malware targetting industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

And in April this year a German nuclear power plant in Bavaria admitted that its systems were riddled with malware, and the plant was shut down as a precaution.

Of course the potential risk to systems controlling critical infrastructure and industrial systems remains a worry for many governments and authorities around the world. Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

In 2015 an attacker managed to hack into the systems of a nuclear power plant in South Korea. A computer worm was later discovered in a device connected to the control system, but the plant operator insisted that the breach had not reached the reactor controls itself.

The hacker later posted files from the hack online, and included a demand for money.

A German steelworks also suffered “massive damage” after a cyber attack on its computer network in late 2014.

Are you a security pro? Try our quiz!