A recent investigation conducted by the American-Israeli technology company "Check Point" concluded that a mysterious group opposing the Iranian government is likely behind the railway system hack in July, rather than Israel, according to the New York Times. The group is named "Indra," after the Hindu war deity.
At the time, Iran's official news agency "IRNA" reported that the websites of the Iranian Ministry of Transport went offline following an "electronic malfunction" in its employees' computing systems, according to the Associated Press. Communications Minister Mohammad Javad Azari Jahromi then warned of the possibility of cyber attacks involving ransomware. Iran had reported similar attacks in 2018.
The "Check Point" report stated that the recent attack serves as a warning to Iran, particularly given that a non-governmental opposition group with no budget could inflict such significant damage on the state. The company noted that the hack bears a striking resemblance to other breaches targeting Iranian government-related entities that "Indra" had claimed responsibility for in 2019 and 2020.
The newspaper pointed out that Iran typically accuses foreign nations of being behind cyber attacks against it; however, it has not implicated any entities after the July attack on the railway network. Additionally, no group has claimed responsibility for the recent attacks.
According to Check Point researcher Itay Cohen, "it is quite possible that the Indra group consists of hackers opposed to the Iranian regime." He added that Indra is likely "operating from within or outside the country and has managed to develop its unique hacking tools and use them very effectively."
Cohen described "Indra" as "more like a team of ideologically driven youth who have educated themselves in the cyber world than an organized and structured body." Indra's Twitter account states that the group's mission is to "put an end to the atrocities of the Quds Force and its murderous agents in the region."
Over the past two years, Indra has claimed responsibility for targeting the servers of companies in Syria linked to the Assad regime due to their connection to Tehran, specifically the Fadel Exchange and Cham Wings Airlines. Iran has long been accused of carrying out cyber attacks beyond its borders and has faced numerous hacking attempts that it has always attributed to Israel.