Series of Fires in Iranian Petrochemicals; “Computer Systems Likely Hacked”

The Associated Press reported on Thursday, September 22, that successive fires at Iranian petrochemical facilities have raised suspicion that petrochemical systems may have been hacked and that software sabotage may have occurred in Iran.

The report, citing statements from Iranian officials about the existence of “some cases of contamination (with viruses),” adds that system hacking may have played a role in these incidents.

The Associated Press writes that Iranian officials have insisted during their statements that six cases of fires at petrochemicals and some equipment over the past three months had nothing to do with cyberattacks. However, the government’s confirmation of viral contamination cases raises the possibility of coordinated efforts to target Iranian petrochemical equipment, just as the “Stuxnet” virus disabled thousands of Iran’s uranium enrichment centrifuges several years ago.

According to the report, the worst incident among recent events was the fire at the Avicenna Petrochemical complex, which Iranian insurance authorities estimated caused $67 million in damages. Iranian officials attributed the cause of the incident to a para-xylene leak, which is an inflammable substance.

The report adds that the remaining fire incidents are:

– Fire at the Bistoon petrochemical storage tank on July 29 (August 8), which Iranian officials attributed to an electrical network failure.

– Explosion of the Ganaveh gas pipeline on August 6 (August 16), which resulted in one death and three injuries.

– Fire on August 7 (August 17) at the Imam Port petrochemical tank storage site, with firefighting efforts lasting two days.

– Fire in the wastewater discharge basin of phases 15 and 16 of South Pars on August 30 (September 9).

– And finally, fire at the Mobin Petrochemical complex on September 14 (September 24), which resulted in four people being injured.

The report references initial statements by Brigadier General Gholamreza Jalali, head of the Passive Defense Organization, who denied any connection between these incidents and cyberattacks. It writes that Iran’s old equipment and pipelines have become worn out following years of sanctions, and on the other hand, following the sanctions, it is observed that Iran’s production has faced a rapid increase during the year. At the same time, “Iran also faces occasional attacks by separatist groups.”

The report adds, however, that Brigadier General Jalali warned on August 27 (September 6) that petrochemical industries had been attacked and attributed the cause to imported equipment and its installation in these industries.

According to IRNA news agency, he said that “viruses had contaminated petrochemical complexes and unusual commands from virus software can be dangerous.”

Nevertheless, he emphasized that cyberattacks were not the cause of the fires. Jalali further stated that active defense measures are being undertaken, but made no reference to details.

The report adds that it is still unclear whether Iran, which has recently expanded its software to counter cyberattacks, has the capability to ward off such threats. However, Russia’s “Kaspersky” company, one of the largest developers of content security management systems and which was involved in investigating Stuxnet, told the Associated Press that it has not entered the process of investigating and examining Iranian petrochemicals.

The Associated Press, referring to Jalali’s statements about viral contamination from imported parts, raised the suspicion that a foreign power may be behind this.

Rubin Mills, an industry expert and CEO of Moon Energy company in Dubai, told the news agency that during the sanctions period, Iran typically obtained necessary parts from the black market. “It is likely that they were not always able to purchase high-quality parts and were forced to buy second-hand, poor-quality, or non-standard equipment.”

Aidan Audi Adri, a former Israeli military official who is now CEO of the “Nation AI” cybersecurity company, told the news agency that attacks of this kind require “considerable resources” and cannot be the work of individual hackers.

Regarding the possibility of Iranian petrochemical fires due to cyberattacks, he said that based on his company’s experience and monitoring of the issue, he is “100 percent” certain, although no organization, government, or company ever takes responsibility for these attacks.

However, Ralph Langner, another industry expert who had also studied the Stuxnet virus, told the Associated Press that although his company has not investigated the matter, he doubts that the fires resulted from cyberattacks.

The Associated Press writes there is considerable suspicion that the United States and Israel were behind Stuxnet. “Although this virus was the most famous cyberattack on Iran, it was not the only attack on the country’s industries.”

Source: Radio Farda