Iran suffers the biggest DDoS attack in history; failed satellite launch

A serious cybersecurity incident has affected telecommunications infrastructure across Iran. Shortly before the launch of Zafar, a satellite developed by the Iranian government, telecommunications across the country experienced a massive disruption, affecting millions of mobile phone and Internet users.

The failures in telecommunications networks were attributed to a distributed denial of service (DDoS) attack, which involves flooding servers with fake traffic to overwhelm them and disrupt systems, stated Hamid Fatahi, Iran's Deputy Minister of Information and Communication Technologies. The attack occurred a day before the satellite launch, an incident that represented a serious setback for Iran’s communications infrastructure.

Zafar satellite failed launch
SOURCE: TASNIM NEWS AGENCY

Multiple telecom companies were attacked during the incident, and activity on their networks decreased by about 75%, according to cybersecurity specialists. While most affected services were restored after an hour, other networks remained down for more than seven consecutive hours.

The communications ministry confirmed that the incident occurred Saturday morning, adding that the attack was contained by Iran’s cybersecurity defense program, known internally as Dejfa. This program was designed to handle such incidents and other potential threats against the country’s IT infrastructure.

Iranian intelligence also states that the attack operators forged the origin of their traffic, linking the incident to locations in North America and Asia. In addition, no state actor has been shown to be involved in the attack, although state involvement is one of the main hypotheses.

According to the International Institute of Cyber Security (IICS), identifying those truly responsible for a cyberattack is a highly complex task that requires lengthy investigation, which is why cyberattacks have become a tool increasingly used by state actors.

The Dejfa program was created a couple of years ago in response to multiple cybersecurity incidents that have affected Iran’s critical systems. It was last activated in December 2019, when multiple Iranian government servers were under attack. As a result of that attack, some areas of Iran’s electricity service suffered isolated disruptions.