Pro-Iran hackers claim manipulation op intended to ‘rot’ critical wheat stockpile
A pro-Iran hacking group detailed an attack manipulating agricultural sector control systems in an incident the Jordanian government said was aimed at destroying a strategic wheat stockpile.
A Sunday post on a newly created Telegram channel attributed to APT IRAN, which was promoted by the Cyber Islamic Resistance Telegram channel, said that “we infiltrated Jordan’s critical infrastructure” by breaching the Jordan Silos and Supply General Company’s internal network via what they claimed was infiltration that began about a month ago. “We introduced our malware to the network through a targeted phishing email to an employee in the administrative department,” APT IRAN said. “After entering, we scanned the internal network and gained access to important parts: the silo control system that manages temperature and humidity, the weighing and scales system, the solar power plant, and by accessing these parts, we took actions.”
The threat actor said that, with their access, “we gradually increased the temperature of the silos in the north (Irbad) so that the wheat would start to rot without anyone noticing.”
“If this continues, about 750,000 tons of wheat, equivalent to two or three months of the country’s consumption, would become completely unusable within 45 days,” APT IRAN added. “We infiltrated the solar power plant and turned off all the inverters so that the silos’ emergency power would be cut off and the cooling systems would fail, forcing them to rely on diesel generators with limited fuel. We changed the weighing software so that instead of recording the actual weight, it recorded a weight 10% less, so that farmers who sell wheat would get less money and protest, and buyers of wheat would buy more at a lower price, and the company would lose money.”
The group also posted screenshots of what appeared to be readings from gauges. “We showed how a country could be brought to its knees with a few simple clicks,” the APT IRAN post declared.
At the end of January, Lab52 reported that APT IRAN, which is closely linked to CyberAv3ngers, was targeting operational technology by offering “the most extensive industrial and military control network framework to date within the Black Industry (BI) ecosystem.” APT Iran stated on a TOR-accessible platform that they would release a “small demo of something … focusing on insecurity in US.”
The Jordanian government released a statement Monday saying that National Cybersecurity Center (NCSC) teams “succeeded in thwarting a cyber attack attempt on the wheat silos management system” at the company.
NCSC director Mohammad Al-Samadi said the attack “was traced to Iran” and “aimed to manipulate the storage temperatures of the wheat stockpile with the goal of causing damage to the strategic reserve,” the statement continued.
The Jordanian government said the attack “was countered immediately and had no impact on the silos management system,” thanks to round-the-clock monitoring that detected the intrusion. “The National Cybersecurity Center had previously notified various national institutions, vital, and critical sectors of the need to elevate cybersecurity readiness levels and strengthen preventive measures,” the statement added.
The Islamic Cyber Resistance in Iraq – 313 Team claimed Monday that it attacked the servers of the Jordanian National Cybersecurity Center “resulting in the disruption of the center’s internal servers and website” as “revenge for Khamenei.” The center warned those in the kingdom, due to “ongoing hacking attempts and cyberattacks,” to be suspicious of direct messages sent to the phones of Jordanian citizens, including awareness messages or warnings not issued directly from the NCSC or other official institutions.
The 313 Team also claimed hourlong cyberattacks targeting official websites of the UAE, Kuwait and Jordan governments. The group said Sunday that it would focus its attacks on those nations in addition to the United States, Israel and Saudi Arabia.
CyberKnow, which tracked the allegiances of hacking groups during the 12-day conflict in 2025 between Iran and Israel, launched a new Cybertracker on Saturday with initial known threat-actor allegiances – seven anti-Iran groups and 28 pro-Iran groups, at the time. An updated Cybertracker posted Monday showed that 60 groups have entered the fray, with pro-Russia groups beginning to join in support of Iran.

Pro-Iran cyber threat actors began their promised retaliatory operations against Western and Gulf entities with largely a campaign of distributed denial of service (DDoS) attacks, claiming an American port’s website as one of their targets along with other critical infrastructure sectors.