How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

About eight minutes after 3 am on June 27, 2022, inside the Khouzestan steel mill near Iran's western coastline on the Persian Gulf, a massive lid lowered onto a vat of glowing, molten metal. Written across the bottom of the video is a kind of disclaimer from Predatory Sparrow, the group of hackers who took credit for this cyber-induced mayhem and posted the video clip to their channel on the messaging service Telegram: “As you can see in this video,” it reads, “this cyberattack has been carried out carefully so to protect innocent individuals.” A close watch of the video, in fact, reveals something like the opposite: Eight seconds after the steel mill catastrophe begins, two workers can be seen running out from underneath the ladle assembly, through the shower of embers, just feet away from the torrent of flaming liquid metal. That's instant death.” A clip from a video posted by Predatory Sparrow hacker group showing the effects of its cyberattack on Khouzestan steel mill in Iran. In the years before and after that attack—which targeted three Iranian steelworks, though only one intrusion successfully caused physical destruction—Predatory Sparrow crippled the country's railway system computers and disrupted payment systems across the majority of Iran's gas station pumps not once but twice, including in an attack last month that once again disabled point-of-sale systems at more than 4,000 gas stations, creating a nationwide fuel shortage.