Pro-Israel hacktivist group claims responsibility for alleged Iranian bank hack

On Tuesday, the hacktivist group Predatory Sparrow, also known by its Persian name Gonjeshke Darande, announced that it had successfully infiltrated and disabled Iran's Bank Sepah. In a statement shared on X, the group asserted, "We, 'Gonjeshke Darande,' executed cyberattacks that obliterated the data of the Islamic Revolutionary Guard Corps' 'Bank Sepah.'" Predatory Sparrow accused the bank of violating international sanctions and misusing the funds of Iranian citizens to support the regime's military initiatives, including its ballistic missile and nuclear programs. Reports from the independent news outlet Iran International indicate that the cyberattack has led to significant banking disruptions across Iran. Numerous Bank Sepah branches reportedly faced closures on Tuesday, leaving many customers unable to access their accounts. Eyewitness accounts shared by Ariel Oseran, a correspondent for i24NEWS, depicted ATMs in Iran displaying error messages. While the claims of the cyberattack have not been independently verified, attempts to reach Bank Sepah's Iranian email addresses resulted in delivery errors. Additionally, the bank's affiliates in the U.K. and Italy have yet to respond to inquiries regarding the incident. Predatory Sparrow has not provided any comments in response to outreach via their X account and Telegram. This cyber incident arises amid escalating tensions between Israel and Iran, marked by reciprocal airstrikes targeting each other's military installations, particularly following Israel's recent strikes on Iranian nuclear facilities and military targets. The true identity and motivations of Predatory Sparrow remain somewhat enigmatic; however, the group has positioned itself as a pro-Israel, anti-Iran hacktivist faction, having conducted various cyber operations against Iranian entities for years. Cybersecurity experts suggest that Predatory Sparrow has a history of effective cyber operations against Iran. John Hultquist, chief analyst at Google’s Mandiant, noted on X that the group’s capabilities extend beyond mere bravado. Rob Joyce, a former NSA official and member of the Biden administration, emphasized that the group's previous cyber assaults on Iranian infrastructure, such as steel plants and gas stations, have resulted in tangible consequences within Iran, including a notable incident that caused a significant fire at a steel manufacturer and disruptions at gas stations affecting citizens' ability to refuel their vehicles.