According to Mahan Air, the cyberattack was launched on Sunday morning and its responsibility was later claimed by a relatively lesser-known hacking group- “Hooshyarane Vatan” (Vigilant of the Nation).
Iran’s second-largest carrier after Iran Air and the country’s first-ever private airline, Mahan Air, has confirmed suffering and foiling a cyberattack. According to Iranian state media, the airline’s flight schedule wasn’t impacted by the attack.
The airline serves destinations in Central and South Asia, the Middle East, and Europe apart from covering domestic networks.
A Controversial Airline
It is worth noting that the United States blacklisted Mahan Air in 2011 for showing support to Quds Force, the foreign wing of Iran’s Islamic Revolutionary Guard Corps (IRGC).
As per the US authorities, Mahan Air provided “financial, material, or technological support for or to the IRGC-QF.” And, in august 2020, the USA imposed sanctions on two UAE-based companies for offering material support to the airline.
According to the information shared by Mahan Air, the attack was launched on Sunday morning and its responsibility was later claimed by a relatively lesser-known hacking group- “Hooshyarane Vatan” (Vigilant of the Nation).
The attackers infiltrated the company’s internal systems and sent warning messages to Mahan Air customers.
Reportedly, the company’s cybersecurity team “acted intelligently” and timely repelled the attack. However, the hackers posted a statement on Twitter, revealing that they have obtained sensitive information about the airline and its links with the IRGC, which they will expose soon.
The head of the airliner’s public relations office, Amirhossein Zolanvary, said that the company’s internal system was targeted in the attack, but it didn’t impact its domestic and international flight operations as it continued without any disruption. However, the website of Mahan Air went offline after the attack.
“Our internet security team is thwarting the cyberattack,” Zolanvari told state media.
Zolanvary further noted that the airline had been a target of cyberattacks in the past, given its important position in Iran’s aviation industry, therefore, their team is capable of addressing the situation in a “timely manner.”
Iran has been a target of threat actors of late. In late October 2021, Hackread reported that petrol stations across Iran were crippled after a cyberattack disrupted fuel sales. Fuel pumps nationwide were impacted by this attack, and electronic billboards started displaying threatening messages directed at the government’s inefficiency in controlling fuel prices and its fair distribution.
In July, Iran’s national railways became a victim of a targeted attack in which the attackers used Meteor file wiper malware to disrupt the country’s train service.
Iranian hackers have also frequently targeted Israeli networks and organizations. In early November 2021, the Black Shadow hacking group launched a cyberattack against Israel’s internet infrastructure, particularly disrupting operations of Israel’s largest LGBTQ dating site and an insurance firm.
The two countries have been involved in targeted cyberattacks against each other on several occasions. It is, however, unclear whether Israel is involved in the latest attack on Mahan Air or it is the work of a new actor.