In August, a large-scale cyberattack was carried out on Iran, threatening the stability of the country's banking system. Sources familiar with the situation report that as a result of the incident, the government was forced to make a deal with hackers and pay a ransom of several million dollars.
According to analysts and Western officials, one of the Iranian companies transferred at least $3 million to prevent the leakage of personal data of customers of more than 20 banks. The attack, one of the largest in Iran's history, was most likely orchestrated by the IRLeaks threat actor, who had previously committed similar hacks.
The extortionists initially demanded a ransom of $10 million in cryptocurrency, threatening to sell the stolen data, which includes bank account and credit card information of millions of citizens. However, the deal was ultimately reduced to $3 million. Iran's government went ahead with the deal, fearing that the data leak could destabilize the country's financial system, which is already under pressure due to international sanctions.
Despite the scale of the incident, Iranian authorities did not acknowledge the hack or report the ransom. During the attack, ATMs across the country were temporarily shut down. Opposition media covered the incident, but no official statements were made about the hacker group and ransom demands.
Following the cyberattack, Iran's supreme leader issued a statement accusing the U.S. and Israel of trying to "instill fear in the Iranian people" and of psychological warfare aimed at weakening the country's political and economic stability. At the same time, according to sources, the cyberattack was not linked to the U.S. or Israeli governments, but was carried out by independent hackers acting for financial reasons.
The IRLeaks group, which has previously hacked Iranian companies, penetrated the banks' servers through Tosan, a company that provides digital services in the financial sector. Using Tosan as a Trojan horse, the hackers gained access to data from both private banks and the Central Bank of Iran. Among the affected financial institutions were Bank of Industry and Mines, Post Bank of Iran, Bank Day and others.
Iran's financial system has long been in a vulnerable position. Iranian banks are overburdened with domestic borrowing and are experiencing significant difficulties, exacerbated by sanctions and economic instability. Despite this, many Iranians continue to use banking services and avoid cash due to the country's high inflation rate, which is more than 40%. However, the vulnerability of the banking system increases the risks for individual credit institutions, especially in the event of mass withdrawals by customers. It was this risk that could have prompted the Iranian authorities to conceal the attack and settle with the extortionists as soon as possible.
In January, Hudson Rock disclosed large-scale cyberattacks on Iran's leading insurance services, as well as online food ordering services, affecting a significant portion of Iran's 88 million population. A hacker under the pseudonym "irleaks" published a message on a cybercrime market on December 20, offering for sale more than 160 million records of Iranians' data from 23 leading insurance companies in the country.
Source