Latest news with #BankSepah

Wall Street Journal
3 days ago
- Business
- Wall Street Journal
Predatory Sparrow Hacks Iran's Financial System
The 12-day war between Israel and Iran featured an unprecedented cyber campaign against the Islamic Republic's financial system. Previous state-sponsored hacks aimed to steal data, ransom assets or disrupt operations. Israel did something far more radical: It destroyed digital assets and banking records to undermine the regime. Israel's success offers the Trump administration new tools for confronting the Iranian threat. Israel first struck Bank Sepah, Iran's oldest and largest state-owned bank. The central financial institution of the Islamic Revolutionary Guard Corps, Bank Sepah serves Iran's military and security forces, processing everything from salaries and pensions to sanctions-evading missile funds. Predatory Sparrow, a hacker group linked to the Israeli government, claimed credit for erasing Bank Sepah's banking data and rendering its systems inoperable. Automated teller machines went dark, and online and in-branch services shut down. Salary and pension payments halted.


Mint
29-06-2025
- Business
- Mint
How Israel-aligned hackers hobbled Iran's financial system
While Israel and the U.S. were bombing Iran's nuclear sites, another battlefield emerged behind the scenes: the financial infrastructure that keeps Tehran connected to the world. Israeli authorities, and a pro-Israeli hacking group called Predatory Sparrow, targeted financial organizations that Iranians use to move money and sidestep the U.S.-led economic blockade, according to Israeli officials and other people familiar with the efforts. U.S. sanctions, imposed off-and-on for decades due to Tehran's nuclear program and support for Islamist groups, have aimed to cut Iran off from the international financial system. Predatory Sparrow, which operates anonymously and posts updates of its activities on X, said this past week that it crippled Iran's state-owned Bank Sepah, which services Iran's armed forces and helps them pay suppliers abroad, knocking out its online banking services and cash machines. Iranian state media acknowledged the damage. The group also breached Nobitex, Iran's largest cryptocurrency exchange, popular with locals for transferring money overseas. The hackers extracted about $100 million in funds and forced the platform to shut down, according to the exchange. Iran's government pulled the plug on much of the country's online activities to prevent further attacks and keep a lid on dissent. Non-Iranian websites were blocked. Citizens were warned against using foreign phones or messaging platforms that it claimed could collect audio and location data for Israeli spies. Government officials were banned from using laptops and smartwatches. Predatory Sparrow said the two hacks were directed against the "financial lifelines" of the Islamic Revolutionary Guard Corps, the most powerful faction of Iran's military that also controls swaths of the economy. "Noble people of Iran! Withdraw your funds before it is too late," it tweeted. Both targeted companies remain hobbled.
Nobitex said it faced serious challenges in restoring services and was aiming to relaunch trading this coming week. Some Bank Sepah users say online they still aren't receiving deposits. The group didn't say if it was acting on behalf of Israeli authorities. "The group's sophistication, target selection and geopolitical messaging fit the profile of an Israel-aligned, state-sponsored cyber actor," said Deddy Lavid, chief executive of Cyvers, a Tel Aviv-based cybersecurity firm. Predatory Sparrow didn't respond to requests for comment sent to the administrator of its Telegram group. The cyberattacks hit an economy already battered by U.S. sanctions that bar the purchase of Iran's oil or interactions with its banks. Iran's economy is highly dependent on a select few trading partners, notably China. Annual inflation runs above 40%, according to the World Bank. A constant flight of skilled workers has also throttled Iran's economic growth. Israel confirmed a cease-fire with Iran on Tuesday. But cybersecurity experts and Israeli officials expect the cyberwarfare to continue. "Israel will likely keep launching precision cyberstrikes against the regime's power centers," said Lavid. Officials at Israel's National Bureau for Counter-Terror Financing said they didn't have information on links between Predatory Sparrow and Israeli authorities. They said Israel was broadly targeting the economic infrastructure that allowed Iran to finance its military and proxies, imposing sanctions earlier this month on its central bank and other banks used by the IRGC. The NBCTF, which is overseen by the defense ministry, plans to issue orders to exchanges outside Iran to help it seize more of Nobitex's crypto holdings. It has identified a further $150 million in funds held by Nobitex, the officials said.
Pro-Iran cyber groups have hit back, targeting Israeli government websites with denial-of-service attacks, in which hackers aim to overwhelm computers that route internet traffic with a flood of requests, and sending phishing messages to Israelis in a bid to compromise their phones. The Israel National Cyber Directorate said Iran's cyberattacks hadn't caused damage in recent weeks. Paranoia swept through the Iranian population as the attacks, both physical and cyber, mounted. "It's better to cut [the internet] off. Israel can see everything," said Mohammad Ghorbaniyan, a Tehran-based money changer whom the U.S. sanctioned several years ago for allegedly aiding Iranian hackers, an accusation he denies. The Bank Sepah hack last Tuesday halted payments, including salaries owed to military retirees, according to Fars News Agency, which is controlled by the IRGC. Many of its cash machines stopped working. The U.S. Treasury Department said last year that Bank Sepah, which has branches on Iranian military bases, helps Iran's defense ministry pay foreign suppliers via a sprawling shadow-banking network. Nobitex went offline the next day. The Tehran-based crypto exchange has processed transactions in excess of about $22 billion for users since its 2017 launch, according to blockchain research firms and the officials from Israel's NBCTF. "This attack had political motives to create emotional distress and damage the Iranian people's property," Nobitex's chief executive, Amir Rad, said in a video posted on its Telegram channel. As in Russia and other countries cut off from international finance, cryptocurrencies, in particular dollar-pegged stablecoins such as tether, have emerged as a vital workaround in Iran, providing a medium through which users can shift money between local and foreign banks. Nobitex's 11 million customers use the platform to swap Iranian rials for tether, which they can convert into other traditional currencies abroad.
Rad has said on his LinkedIn account that Nobitex's goal is to allow Iranians to trade crypto despite "the shadow of sanctions." "Nobitex has been the main option for the Iranians to skip the sanctions," said Amit Levin, a former Israeli prosecutor and ex-investigator at the Binance crypto exchange who now advises companies on financial-crime compliance. The Islamic Revolutionary Guard Corps had also turned to Nobitex for international payments, according to the Israeli officials and blockchain researchers. Crypto analytics firm Elliptic has found that two IRGC operatives, whom the U.S. accused of conducting ransomware attacks on American companies, used Nobitex to make transfers. Rad said he didn't believe that the IRGC was moving money through Nobitex because he operated a transparent platform that was closely monitored. Predatory Sparrow has been wreaking havoc on Iran since at least 2021. In earlier hacks, the group disabled gas-station payment systems across the country and triggered a fire at an Iranian steel plant. For their operation against Nobitex, the hackers managed to obtain the keys for the exchange's cryptocurrency wallets, which were held by key personnel within the company, said Rad. Predatory Sparrow then "burned" the stolen $100 million by sending the tokens to other digital wallets the group itself couldn't access. These wallets' addresses, which are made up of long strings of numbers and letters, contained profane phrases like "F—IRGCterrorists." Nobitex's initial investigation into the breach indicated that Israel's government had likely supported it, Rad said, though he declined to provide proof of his claim. He said Nobitex was a private, independent company with no affiliation to the Iranian state, including the IRGC. Write to Angus Berwick at


Le Figaro
26-06-2025
- Politics
- Le Figaro
Inside the Cyberwar Unleashed by Israel's 'Predatory Sparrow' Against Iran
On Tuesday June 17, this group of so-called 'activists' blocked Bank Sepah, which manages the Iranian army's accounts. This is not their first strike against Supreme Leader Ali Khamenei's regime. Iran is not safe on any front. Just days after the launch of Israel's military Operation Rising Lion, in which Mossad agents and Tsahal fighter jets joined forces to strike at the heart of Iran's nuclear program, Israel entered the field of computer warfare, calling on a group of hackers with alleged links to the government. At 11 a.m. (French time) on June 17, the Sepah bank, one of Iran's main state-owned banks (which manages the accounts and investments of the Islamic Revolutionary Guards and the Iranian army) announced the 'disruption' of its services. Many of its customers were then unable to make online transfers or withdraw their money from ATMs. The scale of the attack was then quite unsuspected: the Fars news agency simply stated that the problem 'should be solved within a few hours'. The attack was claimed a few minutes later on the social network X by an activist group, Gonjeshke Darande ('Predatory Sparrow' in Persian). The account's logo depicts a small, round bird, visibly angry…

AU Financial Review
24-06-2025
- Business
- AU Financial Review
Why using AI in cybersecurity is like a game of Spy vs Spy
Just this week an Israeli hacking group said it was behind a series of cyberattacks on Iran's Bank Sepah. Locally, in the past few months we've witnessed attacks on financial services firm Skeggs Goldstien, the Australian Human Rights Commission and Queensland steel fabricator Watkins Steel. With organisations increasingly holding customer data containing key information, cyberattacks on critical infrastructure are fast becoming a threat across all sectors.


The Guardian
24-06-2025
- Politics
- The Guardian
Tech in the Iran-Israel conflict: internet blackout, crypto burning and home camera spying
The war between Israel and Iran, though largely a fight of fighter planes, drones and bombs, is erupting in the digital realm as well. Both countries have long histories with digital warfare. The particular focus of the current conflict, Iran's nuclear program, was the target of one of the first cyberweapons meant to cause physical destruction, the sophisticated worm Stuxnet. Iran, clearly fearful of an online Israeli incursion, imposed a near-total internet blackout early last week. My colleague Johana Bhuiyan reports: Cybersecurity company Cloudflare assessed that internet traffic levels in Iran 'are now ~97% below where they were at the same time a week ago'. Severed internet connectivity has led to a troubling lack of access to information for everyday Iranians as their country descends into conflict. The reduction in internet speeds comes after an anti-Iranian government hacking group with potential ties to Israel claimed that it hacked Iran's state-owned Bank Sepah. Fatemeh Mohajerani, a spokesperson for Iran's government, said on Twitter/X that officials in Tehran had restricted internet access to ward off additional cyberattacks. On Wednesday, Iran's fears came to fruition. My colleague Dan Milmo reports: An Israel-linked hacking group has claimed responsibility for a $90m (£67m) heist on an Iranian cryptocurrency exchange. The group known as Gonjeshke Darande, Farsi for Predatory Sparrow, said on Wednesday it had hacked the Nobitex exchange, a day after claiming it had destroyed data at Iran's state-owned Bank Sepah. Elliptic, a consultancy specialising in crypto-related crime, said it had so far identified more than $90m in cryptocurrency sent from Nobitex crypto wallets to hacker addresses. The hackers appear to have in effect 'burned' those funds, rendering them inaccessible by storing them in 'vanity addresses' for which they do not have the cryptographic keys, Elliptic said. 
Iran has attempted to retaliate, but as with the wider war, it seems that Israeli attacks have been more successful and damaging. Israeli officials warned the country's residents that Iran is hijacking home security cameras that are connected to the internet to gather real-time intelligence on the ground, Bloomberg reports. Security professionals say hackers for Hamas and Russia have done the same. Home cameras may be a new front in the waging of war, but disrupting them does not seem as powerful as disrupting a central bank, as Israel has done. Late Friday, Iran seemed to lift the internet blackout for some citizens, the New York Times reported, though even those who could access limited online services believed their connections were temporary.

PornHub, widely estimated to be the most-visited site for pornographic content in the world, returned to France on Friday after a three-week blackout. The site's owner, Aylo, had rescinded access to the site in protest of a new French law demanding adult websites verify users' ages with a credit card or identification document. PornHub drew a line in the sand on the issue and revoked access for a market of nearly 70 million rather than implement an age gate. Since then, a French court has suspended the law while it considers compliance with the European Union's constitution, and so Pornhub is back online. But the quarrel between Paris and PornHub is the latest front in the debate over online age verification, which is heating to a boil across the globe. The issue sits at the intersection of two driving forces of internet regulation that often conflict: keeping children safe online and preserving both privacy and freedom of expression. It's an area where lawmakers have been uncharacteristically prone to action, even in the US, where tech regulation is often as hands off as can be. More than 20 states now have age verification laws on the books. PornHub has made itself unavailable in 17 of them.
Texas, the second-most populous state in the US with 31m people, is the highest-profile example. The state legislature there passed a law requiring an ID to visit PornHub in September 2023. In March of the following year, the site went dark in the state, greeting would-be visitors with a banner calling the law 'ineffective, haphazard, and dangerous'. In Louisiana, which has imposed age verification laws, PornHub is still available, but it has seen traffic there decline by 80%, which it attributes to the barrier of the ID requirement. The US supreme court heard arguments in January over whether these laws infringe on the constitutional right to free speech. Research into the laws in the US has found that they are not effective in their stated goal. Online search data showed that people in states with age verification laws sought out porn sites that did not comply with local laws so as to circumvent the age gates as well as virtual private networks to hide their locations from internet providers. The other battlefields over age verification concern social media bans for underage users. Australia, which has passed a law banning under-16s from social media, has been testing different technologies with which to enforce its prohibition but found them lacking. The UK is the next frontier in the fight. The UK's system for verifying ages to keep pornography away from children, a provision of the Online Safety Act, will take effect in July. Will London be the next Paris or the next Texas?

Last week, Donald Trump debuted a mobile phone branded with his family name – 'T1' etched into the gold case alongside an American flag – with a listed price of $500 and a pledge that it would be 'proudly designed and built in the United States'. Specifically in Alabama, California and Florida. Its monthly service plan will cost $47.45.
The Trump phone will struggle to live up to those promises. Its makers have to abide by the same market forces as other phonemakers. Both cheap labor and electronics expertise reside in China. They do not in the US. There's a reason Apple's phones are labeled 'Designed in California' – to take advantage of the cachet and appeal of the US without suffering its labor costs. Looking ahead, experts predict that Trump's own tariffs could cause the price of smartphones to spike by double or even triple digits. The electronics supply chain in the US is nowhere near developed enough to assemble a phone entirely domestically. Analysts at investment bank UBS warned in April that the price of an iPhone 16 Pro Max with 256GB of storage could rise by 79% from $1,199 to about $2,150, based on a total tariff of 145%. Apple itself seemed to concur with those assessments when it flew some $2bn worth of iPhones into the US before the tariffs on China went into effect. There is already an example of a phone assembled – but not entirely made – in the US, the Liberty Phone. It costs nearly four times what Trump promises his will, nearly $2000. The Liberty Phone sources its motherboard from the US but still requires screens, batteries and cameras manufactured overseas, according to a Wall Street Journal interview with the CEO of Purism, which manufactures the device. Its operating system can only run basic apps such as a calculator and a web browser because it runs on PureOS, software of the company's own making, per the Journal. The specs on the Liberty Phone are worse than Trump's T1, though the price is higher, making the president's device even less likely to appear on the market as announced. Some of the promised technical capabilities of the T1 would best those of the top-of-the-line iPhones, which cost nearly double what Trump has promised. The Verge put together a good list of which Chinese companies might manufacture the phone for Trump to white label.
Eric Trump, who is co-leading the venture with his brother Donald Jr, has acknowledged that the first batch of T1 phones will not be made in the US. 'Eventually, all the phones can be built in the United States of America,' Eric Trump said last week. We'll see.