Iran has said a foreign country was behind a cyberattack that paralysed its petrol distribution network on Tuesday.
A group called itself Predatory Sparrow claimed it carried out the hack, but Iran’s top internet policy-making body blamed an unnamed “state actor”.
President Ebrahim Raisi said the aim was aimed at “stoking public anger”.
The attack hit an intranet-based system that lets motorists buy subsidised fuel with government-issued smart cards, causing long queues at petrol stations.
The hackers also hijacked digital billboards on highways in the capital Tehran and elsewhere, making them display a message saying: “[Supreme Leader Ayatollah Ali] Khamenei, where is our fuel?”
Only 5% of the country’s 4,300 petrol stations had been reconnected by Wednesday morning, a spokeswoman for the National Iranian Oil Products Distribution Company (NIOPDC) told state media.
“Some are aiming to stoke public anger by creating chaos and disrupting people’s lives,” Mr Raisi told a cabinet meeting on Wednesday.
The president also claimed that “vigilance” by Iranian authorities had prevented the hackers from taking advantage of the situation.
The secretary of the Supreme Council of Cyberspace, Abolhassan Firuzabadi, said the attack was carried out by a foreign country, but that it was “too early to announce by which country and in which way it was done”.
The semi-official Fars news agency meanwhile linked the hack to the second anniversary of the mass protests that erupted across Iran after the government raised the price of petrol by 50%.
The unrest prompted a bloody crackdown by the security forces. Amnesty International said more than 300 people were killed, but Iranian officials dismissed the figure.
In a post on Telegram, Predatory Sparrow said that the hack was a “response to the cyber actions by Tehran’s terrorist regime against the people in the region and around the world”.
It added that it had warned Iran’s emergency services personnel in advance and had chosen not to exploit a vulnerability that would have caused “very long-term damage”.
The group also announced that it was behind a cyberattack on Iran’s rail network in July, which caused message boards at stations to incorrectly show trains as delayed or cancelled.