'Predatory Sparrow' hacktivists strike again, targeting Iran’s financial systems

Predatory Sparrow, a pro-Israeli hacker group, paralyzed Iran’s largest bank as part of a series of sophisticated cyberattacks. The group has previously targeted Iran’s fuel infrastructure, banking system, and industrial facilities, further destabilizing the regime during escalating military tensions.

The hacking attack on Iran’s largest bank paralyzed the Islamic Republic on Tuesday morning, intensifying the chaos already gripping the country following Operation Rising Lion, which began last weekend with a wide-scale Israeli Air Force assault on multiple targets in Iran.
Iranian ATMs have stopped working
The pro-Israeli hacker group that claimed responsibility for the attack calls itself Predatory Sparrow. This is not the first time the group has taken credit for a cyberattack inside Iran. About five years ago, the group claimed responsibility for hacking a major steel plant in Iran, causing operations to shut down. As in the current case, the hackers released footage of the damage inflicted on the facility.
Cyberattacks that cause physical damage, not just virtual disruptions, are considered particularly difficult to execute. They require in-depth research on mechanical control systems and the discovery of vulnerabilities and security flaws. In other words, accessing such systems often requires physical knowledge and access, and very few hackers possess these capabilities.

Not the first time

In 2021, Iran reported a cyberattack that caused massive disruptions and outages at gas stations across the country. Roughly 4,300 gas stations — about 80% of all stations in Iran — were shut down. At the time, the cyber advisor to Supreme Leader Khamenei estimated the attack was carried out by “a foreign state.” Predatory Sparrow later claimed responsibility.
Lines to a gas station targeted by hackers
(Photo: AP)
A year and a half later, in December 2023 — two months after October 7 — another cyberattack once again disabled gas stations throughout Iran. Iran’s oil minister confirmed at the time that around 70% of the country’s gas stations were affected, blaming Israel and the U.S., saying: “At least 30% of the country’s gas stations are operating. This is a cyberattack by Israel and the United States after their losses on other fronts.” Once again, the pro-Israeli hacker group claimed responsibility.
Predatory Sparrow has also targeted Iranian banks in the past. In August of last year, a massive cyberattack struck the Central Bank of Iran and several other banks, causing widespread disruptions to the country’s banking system. According to Iran International, a London-based opposition news outlet, it may have been one of the largest cyberattacks ever carried out against Iranian state institutions. Again, it was widely believed to have been the work of a state-backed actor — a common reference to either Israeli or American cyber operations.

Focused on Iranian targets

Predatory Sparrow primarily operates against Iranian entities or those affiliated with the regime. Experts have assessed that most of the tools used in these attacks resemble state-level cyber weapons or at least systems developed with state support. While it remains unclear whether the group officially operates as an arm of Israel, many experts believe its ties to Israeli operations are likely.
Predatory Sparrow logo
(Photo: Courtesy)
It’s important to note there’s no way to definitively verify whether Predatory Sparrow is a military offensive cyber unit or a group of highly skilled civilian volunteers. What is certain is that its attacks typically coincide with periods of heightened military or diplomatic tensions.
Another persistent problem in cyber warfare is the challenge of accurately identifying the source of an attack. Cyber experts rarely commit to naming the origin of a strike with certainty. Many states conceal their involvement by using anonymous or criminal hacker groups as proxies to mask their capabilities. Iran itself operates groups such as “Handala” and “Moses Staff,” while Hamas and Hezbollah also run similar cyber units.
Russia is considered the most advanced player in this arena, with a vast ecosystem of hacker groups — most functioning as mercenaries — that operate under the direction of Russian intelligence and security services depending on their objectives. North Korea also runs such units under military intelligence control, while China has even established a dedicated Cyberspace Force tasked with full-scale cyber operations.