
By Bridget Johnson
Pro-Iran hackers who took credit for a nationwide Friday outage of a platform delivering emergency alerts in major U.S. cities said today that they hit the National Weather Service website.
“The National Weather Service website is currently experiencing an outage,” the NWS Grand Junction account posted at 12:06 p.m. on X. “As of now, there is no timeline on when this will be restored. We apologize for the inconvenience.” As of 1:20 p.m. EST, the NWS website was inaccessible, but a 1:45 p.m. check confirmed it had been restored.
The outage came as Colorado is grappling with critical fire weather conditions and a dangerous heat dome is expected to scorch the eastern half of the nation this week.
Users began reporting trouble with weather.gov at Downdetector shortly before 9 a.m. today.
The Islamic Cyber Resistance in Iraq – 313 Team posted on its Telegram channel at 10:14 a.m. that it “carried out an elaborate cyberattack targeting the U.S. National Weather Service” that “caused intermittent outages and slowed down the website’s operations.”
The group initially said the attack would last for half an hour, but just after 11 a.m. they announced an extension. “We have increased the intensity of the attack, and during this time the website will experience major disruptions,” 313 Team said, subsequently noting the NWS Grand Junction acknowledgement of the outage.
At 12:32 p.m., 313 Team said they extended the attack again by two hours. “We want to confirm that the internal infrastructure and web pages of the US National Weather Service are experiencing significant disruptions as a result of the heavy attacks we launched against their infrastructure,” the hackers said.
“We will continue our war until our last drop of blood, following the path of the Master of Martyrs,” they added shortly afterward. “We confirm that the hand of vengeance will reach the killers of Ayatollah Khamenei.”
313 Team, which said it attacked Spotify last month in the same fashion citing the intent that “the hand of revenge will reach the killers of Imam Khamenei” and earlier claimed responsibility for a “rapid fire” attack on eBay, has been relentlessly targeting companies with DDoS attacks since the U.S. and Israel launched Operation Myth Fury, claiming in April that it disrupted Bluesky with what the social media site called a “sophisticated” attack. They also claimed to be behind a mid-March Microsoft outage and took credit for hitting the X platform at the end of that month, and also have claimed attacks on Amazon Prime Video, Dropbox, Yahoo, AOL and more sites.
The D.C. Homeland Security and Emergency Management Agency announced on Facebook Friday evening that Everbridge, “the technology platform behind AlertDC, is currently experiencing a nationwide outage.” AlertDC is the district’s official emergency notification system that sends residents who sign up emails or text alerts about severe weather, government and school closures, crime and traffic advisories, power outages, Amber Alerts and more.
DC HSEMA said the Everbridge outage did not have an effect on the district’s “ability to issue Wireless Emergency Alerts (WEA) for imminent life-safety threats”; WEA alerts are sent by FEMA’s Integrated Public Alert and Warning System (IPAWS) to communications companies that then push the advisories to mobile devices on their networks. Other jurisdictions including Fairfax County, Va., posted similar messages about the Everbridge outage on their social media accounts. Everbridge has reported thousands of city and county government customers using its platform.
Late Saturday morning, DC HSEMA posted that “Everbridge has resolved the nationwide outage” and added that their agency “will continue to monitor system performance.”
Shortly after DC HSEMA’s Facebook post, 313 Team said on its Telegram channel that it struck Everbridge, resulting in “the website being shut down and the login interface being completely disabled.” The group added in a subsequent post that their attack on the company’s servers “disrupted internal systems and prevented the issuance of any urgent alerts and warnings to the population,” and then posted a screenshot of reports spiking on Downdetector.
313 Team also posted a handful of jurisdictions’ alerts to residents about the outage, including the San Francisco Department of Emergency Management encouraging residents to use their WhatsApp channel as an alternate way to get public safety updates.
“The attack will continue for another hour, so that Everbridge’s servers will be down for more than 4 hours, so that they cannot issue any alerts or warnings to the population,” the hackers posted late Friday, three hours after their first post claiming the attack.
On Thursday, 313 Team claimed it attacked Reddit for half an hour, producing a surge of user reports to Downdetector.
Other groups in Iran’s corner have openly threatened or claimed responsibility for attacks targeting critical infrastructure sectors. Earlier in the war, APT IRAN said it swiped a tranche of sensitive materials from Lockheed Martin and posted it for sale in a Russian- and English-language dark web market. Three days before the April 8 ceasefire began, the IRGC-backed Handala group claimed that they were poised to inflict water, electricity and oil sector attacks on the US and its allies of a caliber to “send your lives back to the Middle Ages” if the U.S. hit Iran’s power grid, as President Donald Trump threatened.
In early May, Handala claimed in a Telegram post that strikes on Fujairah oil facilities were part of a coordinated cyber-physical offensive with the IRGC targeting the United Arab Emirates port city — “a fully coordinated operation” that began with their breach of port systems and was followed by kinetic attacks “minutes later.” Most recently, Handala made an unsubstantiated claim that the group breached California water systems in retaliation for alleged U.S. strikes that damaged civilian water infrastructure in southern Iran.
