{{Short description|Electronic warfare launched by Iranian military forces}}
Cyberwarfare is a part of [[Government of Iran|the Iranian government]]'s "soft war" [[military strategy]]. Both a victim and a perpetrator of [[cyberwarfare]],<ref>{{cite web|first=Shashank |last=Joshi |url=http://blogs.telegraph.co.uk/news/shashankjoshi/100239562/iran-the-mossad-and-the-power-of-cyber-warfare/|archive-url=https://web.archive.org/web/20131003104343/http://blogs.telegraph.co.uk/news/shashankjoshi/100239562/iran-the-mossad-and-the-power-of-cyber-warfare/|archive-date=October 3, 2013|title=Iran, the Mossad and the power of cyber-warfare |access-date=March 18, 2015}}</ref> Iran is considered an emerging [[Great power|military power]] in the field.<ref>{{cite web|url=http://flashcritic.com/irans-military-preparing-for-cyber-warfare/|title=Iran's military is preparing for cyber warfare|work=[[The Daily Telegraph|The Telegraph]]|access-date=March 18, 2015|date=October 3, 2013|archive-date=August 10, 2018|archive-url=https://web.archive.org/web/20180810114757/http://flashcritic.com/irans-military-preparing-for-cyber-warfare/|url-status=live}}</ref> Since November 2010, an organization called "The Cyber Defense Command" ({{langx|fa|قرارگاه دفاع سایبری}}; ''Gharargah-e Defa-e Saiberi'') has been operating in Iran under the supervision of the country's "[[Passive Defense Organization|Passive Civil Defense Organization]]" ({{langx|fa|سازمان پدافند غیرعامل}}; ''Sazeman-e Padafand-e Gheyr-e Amel''), which is itself a subdivision of the [[Armed Forces of the Islamic Republic of Iran|Joint Staff of Iranian Armed Forces]].<ref>{{cite web|first=Hossein|last=Bastani|url=http://www.strato-analyse.org/fr/spip.php?article223#outil_sommaire_3|title=Structure of Iran's Cyber Warfare|publisher=[[Strategic analysis center (France)|Institut Français d'Analyse Stratégique]]|access-date=March 18, 2015|date=December 13, 2012|archive-date=May 23, 2019|archive-url=https://web.archive.org/web/20190523162859/http://www.strato-analyse.org/fr/spip.php?article223#outil_sommaire_3|url-status=live}}</ref>
Iran has been the target of cyberattacks, including the [[Operation Olympic Games]] (Stuxnet) attack by the United States and Israel on its nuclear facilities.
According to a 2014 report by [[Institute for National Security Studies (Israel)|Institute for National Security Studies]], Iran is "one of the most active players in the international cyber arena".<ref>{{cite web|first1=Gabi|last1=Siboni|first2=Sami|last2=Kronenfeld|url=http://www.inss.org.il/index.aspx?id=4538&articleid=6809|title=Developments in Iranian Cyber Warfare, 2013–2014|work=INSS Insight|number=536|publisher=[[Institute for National Security Studies (Israel)|Institute for National Security Studies]]|access-date=March 18, 2015|date=April 3, 2014|archive-date=January 5, 2020|archive-url=https://web.archive.org/web/20200105223245/http://www.inss.org.il/index.aspx?id=4538&articleid=6809|url-status=live}}</ref> In 2013, a [[Islamic Revolutionary Guard Corps|Revolutionary Guards]] general stated that Iran has "the 4th biggest cyber power among the world's cyber armies."<ref>{{cite web|url=https://www.hackread.com/iran-biggest-cyber-army-israel/|title=Israeli Think Tank Acknowledges Iran as Major Cyber Power, Iran Claims its 4th Biggest Cyber Army in World|publisher=Hack Read|access-date=March 18, 2015|date=October 18, 2013|archive-date=May 30, 2019|archive-url=https://web.archive.org/web/20190530073522/https://www.hackread.com/iran-biggest-cyber-army-israel/|url-status=live}}</ref><ref>{{Cite web|title=- IRANIAN CYBER THREAT TO THE U.S. 
HOMELAND|url=https://www.govinfo.gov/content/pkg/CHRG-112hhrg77381/html/CHRG-112hhrg77381.htm|access-date=2021-10-28|website=www.govinfo.gov|archive-date=2021-10-28|archive-url=https://web.archive.org/web/20211028120955/https://www.govinfo.gov/content/pkg/CHRG-112hhrg77381/html/CHRG-112hhrg77381.htm|url-status=live}}</ref> According to a 2021 report by a cyber-security company, "Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents".<ref>{{cite news|url=https://www.bbc.com/news/technology-55977537|title=Iran 'hides spyware in wallpaper, restaurant and games apps'|work=BBC News|date=8 February 2021|access-date=2021-10-28|archive-date=2021-08-07|archive-url=https://web.archive.org/web/20210807140602/https://www.bbc.com/news/technology-55977537|url-status=live}}</ref> As of 2024, Iran's cyber activities have advanced, particularly in their precision and intelligence-gathering capabilities, allowing for more accurate and targeted attacks against Israel. Following directives from Iran's supreme leader [[Ali Khamenei]] after the [[2023 Hamas-led attack on Israel|October 7 attacks]], cyber operations expanded, including joint efforts with [[Hezbollah]]. Despite these advances, Iran's cyber capabilities still fall short of Israel's, with Iranian hackers' skills being likened to those of mid-level organized crime gangs. However, Israeli officials remain concerned that Iran could rapidly enhance its capabilities, particularly through potential cooperation with [[Iran–Russia relations|Russia]].<ref name=":0">{{Cite news |title=Iran's electronic confrontation with Israel |url=https://www.economist.com/middle-east-and-africa/2024/08/15/irans-electronic-confrontation-with-israel |access-date=2024-08-18 |newspaper=The Economist |issn=0013-0613}}</ref>
==Background==
{{Excerpt|Cyberwarfare}}
== Attacks against Iran ==
In June 2010, Iran was the victim of a [[cyber-attack]] when its [[Nuclear facilities in Iran|nuclear facility]] in Natanz was infiltrated by the cyber-worm '[[Stuxnet]]'.<ref name="journals1.scholarsportal.info">{{cite news|title=Stuxnet and the Future of Cyber War |work=James P. Farwell and Rafal Rohozinski }}</ref> A combined effort by the United States and Israel,<ref name=":02">{{Cite book |last=Cunningham |first=Fiona S. |title=Under the Nuclear Shadow: China's Information-Age Weapons in International Security |date=2025 |publisher=[[Princeton University Press]] |isbn=978-0-691-26103-4 |location= |doi=10.2307/jj.16040335 |jstor=jj.16040335}}</ref>{{Rp|page=211}} Stuxnet destroyed perhaps over 1,000 nuclear centrifuges and, according to a ''Business Insider'' article, "[set] Tehran's atomic programme back by at least two years."<ref name="businessinsider.com">{{cite news |url=http://www.businessinsider.com/us-general-irans-cyber-war-machine-a-force-to-be-reckoned-with-2013-1 |title=US General: Iran's Cyber War Machine 'A Force To Be Reckoned With' |work=Business Insider |access-date=2017-11-14 |archive-date=2019-04-02 |archive-url=https://web.archive.org/web/20190402222626/https://www.businessinsider.com/us-general-irans-cyber-war-machine-a-force-to-be-reckoned-with-2013-1 |url-status=live }}</ref> The worm spread beyond the plant to allegedly infect over 60,000 computers, but the government of Iran indicates it caused no significant damage. Iran crowdsourced solutions to the worm and is purportedly now better positioned in terms of cyber warfare technology.<ref name="journals1.scholarsportal.info" /> No government claimed responsibility for the worm.<ref name="businessinsider.com" /> The cyber-worm was also used against [[North Korea]].{{citation needed|date=January 2022}}
=== NIN ===
Iran's cyber defense system, a digital fortress that is part of the [[National Information Network|national information network]] (national internet), has been developed for thwarting attacks and engaging attackers.<ref>{{Cite web |date=2020-02-09 |title=شکست حملات سایبری در مقابل"دژفا" |url=http://newspaper.hamshahrionline.ir/id/62005/%D8%B4%DA%A9%D8%B3%D8%AA-%D8%AD%D9%85%D9%84%D8%A7%D8%AA-%D8%B3%D8%A7%DB%8C%D8%A8%D8%B1%DB%8C-%D9%85%D9%82%D8%A7%D8%A8%D9%84%C2%AB%D8%AF%DA%98%D9%81%D8%A7%C2%BB.html |archive-url=https://web.archive.org/web/20200209201319/http://newspaper.hamshahrionline.ir/id/62005/%D8%B4%DA%A9%D8%B3%D8%AA-%D8%AD%D9%85%D9%84%D8%A7%D8%AA-%D8%B3%D8%A7%DB%8C%D8%A8%D8%B1%DB%8C-%D9%85%D9%82%D8%A7%D8%A8%D9%84%C2%AB%D8%AF%DA%98%D9%81%D8%A7%C2%BB.html |archive-date=2020-02-09 |access-date=2021-10-28}}</ref> In November 2022, the Iranian Majlis (Islamic Consultative Assembly) recommended a Passive Defence Incorporation.<ref>{{cite web |date=6 November 2022 |title=آغاز جلسه علنی مجلس/ طرح تشکیل سازمان پدافند غیرعامل در دستور |url=https://www.imna.ir/news/617254/%D8%A2%D8%BA%D8%A7%D8%B2-%D8%AC%D9%84%D8%B3%D9%87-%D8%B9%D9%84%D9%86%DB%8C-%D9%85%D8%AC%D9%84%D8%B3-%D8%B7%D8%B1%D8%AD-%D8%AA%D8%B4%DA%A9%DB%8C%D9%84-%D8%B3%D8%A7%D8%B2%D9%85%D8%A7%D9%86-%D9%BE%D8%AF%D8%A7%D9%81%D9%86%D8%AF-%D8%BA%DB%8C%D8%B1%D8%B9%D8%A7%D9%85%D9%84-%D8%AF%D8%B1-%D8%AF%D8%B3%D8%AA%D9%88%D8%B1 |url-status=live |archive-url=https://web.archive.org/web/20221113173140/https://www.imna.ir/news/617254/%D8%A2%D8%BA%D8%A7%D8%B2-%D8%AC%D9%84%D8%B3%D9%87-%D8%B9%D9%84%D9%86%DB%8C-%D9%85%D8%AC%D9%84%D8%B3-%D8%B7%D8%B1%D8%AD-%D8%AA%D8%B4%DA%A9%DB%8C%D9%84-%D8%B3%D8%A7%D8%B2%D9%85%D8%A7%D9%86-%D9%BE%D8%AF%D8%A7%D9%81%D9%86%D8%AF-%D8%BA%DB%8C%D8%B1%D8%B9%D8%A7%D9%85%D9%84-%D8%AF%D8%B1-%D8%AF%D8%B3%D8%AA%D9%88%D8%B1 |archive-date=13 November 2022 |access-date=13 November 2022}}</ref>
=== Events ===
* In October 2013, media reported that Mojtaba Ahmadi, who served as commander of the "Cyber War Headquarters", was found dead with bullet wounds in [[Karaj]].<ref>{{cite web|first=Damien|last=McElroy|url=https://www.telegraph.co.uk/news/worldnews/middleeast/iran/10350285/Iranian-cyber-warfare-commander-shot-dead-in-suspected-assassination.html|title=Iranian cyber warfare commander shot dead in suspected assassination|work=[[The Daily Telegraph|The Telegraph]]|access-date=March 18, 2015|date=October 2, 2013|archive-date=October 7, 2019|archive-url=https://web.archive.org/web/20191007044226/https://www.telegraph.co.uk/news/worldnews/middleeast/iran/10350285/Iranian-cyber-warfare-commander-shot-dead-in-suspected-assassination.html|url-status=live}}</ref>
* {{flagicon|Israel}} November 2018: [[Ministry of Information and Communications Technology of Iran|The Iranian telecommunication minister]] [[Mohammad-Javad Azari Jahromi]] accuses [[Israel]] of a failed [[cyberattack]] on its telecommunications infrastructure, and vows to respond with legal action.<ref>{{Cite news |url=https://www.reuters.com/article/us-iran-israel-cyber/iran-accuses-israel-of-failed-cyber-attack-idUSKCN1NA1LJ |title=Iran accuses Israel of failed cyber attack |newspaper=Reuters |date=5 November 2018 |access-date=2018-11-06 |archive-date=2020-05-28 |archive-url=https://web.archive.org/web/20200528133349/https://www.reuters.com/article/us-iran-israel-cyber/iran-accuses-israel-of-failed-cyber-attack-idUSKCN1NA1LJ |url-status=live }}</ref><ref>{{Cite web |url=https://www.channelnewsasia.com/news/world/iran-accuses-israel-of-failed-cyber-attack-10900158 |title=Iran accuses Israel of failed cyber attack - CNA |access-date=2018-11-06 |archive-date=2019-09-10 |archive-url=https://web.archive.org/web/20190910160854/https://www.channelnewsasia.com/news/world/iran-accuses-israel-of-failed-cyber-attack-10900158 |url-status=live }}</ref>
*October 2021: [[Iranian fuel 2021 cyberstrike|An attack paralyzed gas stations]] across the country, preventing users from purchasing fuel using state-issued cards, and digital billboards displayed antigovernment messages.
*In September, October and November 2022, Iranian state networks and emails came under attack by [[Anonymous (hacker group)|Anonymous]] and other hacking groups acting in solidarity with [[Mahsa Amini protests|Iranian protestors]].<ref>{{Cite web |last1=Browne |first1=Ryan |last2=Turak |first2=Natasha |date=5 October 2022 |title=Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship |url=https://www.cnbc.com/2022/10/05/how-anonymous-and-other-hacking-groups-are-aiding-protests-in-iran.html |access-date=2023-03-09 |website=CNBC |language=en |archive-date=2023-01-13 |archive-url=https://web.archive.org/web/20230113042118/https://www.cnbc.com/2022/10/05/how-anonymous-and-other-hacking-groups-are-aiding-protests-in-iran.html |url-status=live }}</ref>
*In 2023, several government ministries were fully hacked by multiple people, including the Ministry of Science, Research and Technology on September 23,<ref>{{Cite web |date=2023-09-24 |title=ماجرای حمله سایبری به سایت وزارت علوم چه بود؟ |url=https://www.etemadonline.com/%D8%A8%D8%AE%D8%B4-%D8%A7%D8%AC%D8%AA%D9%85%D8%A7%D8%B9%DB%8C-23/633127-%D8%AD%D9%85%D9%84%D9%87-%D8%B3%D8%A7%DB%8C%D8%A8%D8%B1%DB%8C-%D9%88%D8%B2%D8%A7%D8%B1%D8%AA-%D8%B9%D9%84%D9%88%D9%85-%D8%B3%D8%A7%DB%8C%D8%AA-%D9%87%DA%A9 |access-date=2023-09-24 |website=اعتمادآنلاین |language=fa}}</ref><ref>{{Cite news |last=فردا |first=رادیو |date=2023-09-24 |title=سایت وزارت علوم ایران "هک شد"؛ هکرها میگویند به "بیش از ۲۰ هزار سند" دست یافتهاند |language=fa |work=رادیو فردا |url=https://www.radiofarda.com/a/the-site-of-the-iranian-ministry-of-science-was-hacked/32606204.html |access-date=2023-09-24}}</ref><ref>{{Cite web |last=قربانی |first=زهرا |date=2023-09-23 |title=ماجرای هک سایت وزارت علوم چیست؟ / سامانههای دولتی زیر ذرهبین هکرها |url=https://way2pay.ir/337948/ |access-date=2023-09-24 |website=راه پرداخت |language=fa-IR}}</ref> Veterans Affairs,<ref>{{Cite web |date=2023-09-24 |title=واکنش عجیب رییس بنیاد شهید به هک شدن سرورهای این سازمان؛ اطلاعاتی حساسی نداشتیم! |url=https://www.etemadonline.com/%D8%A8%D8%AE%D8%B4-%D8%A7%D8%AC%D8%AA%D9%85%D8%A7%D8%B9%DB%8C-23/623461-%D9%87%DA%A9-%D8%B3%D8%B1%D9%88%D8%B1-%D8%A8%D9%86%DB%8C%D8%A7%D8%AF-%D8%B4%D9%87%DB%8C%D8%AF-%D8%A7%D8%B7%D9%84%D8%A7%D8%B9%D8%A7%D8%AA-%D8%AD%D8%B3%D8%A7%D8%B3 |access-date=2023-09-24 |website=اعتمادآنلاین |language=fa}}</ref> the Ministry of Foreign Affairs (50 TB),<ref>{{Cite web |date=2023-09-24 |title=ماجرای هک سایت وزارت امور خارجه چه بود؟ |url=https://www.etemadonline.com/%D8%A8%D8%AE%D8%B4-%D8%B3%DB%8C%D8%A7%D8%B3%DB%8C-9/611602-%D9%87%DA%A9-%D9%88%D8%B2%D8%A7%D8%B1%D8%AA-%D8%AE%D8%A7%D8%B1%D8%AC%D9%87-%D8%AD%D9%85%D9%84%D9%87-%D8%B3%D8%A7%DB%8C%D8%A8%D8%B1%DB%8C |access-date=2023-09-24 |website=اعتمادآنلاین |language=fa}}</ref> Central Insurance and 19 subsidiary corporations (119 million lines of records),<ref>{{Cite web |date=2023-09-04 |title=هک شرکتهای بیمه در ایران و نگرانی از ضعف امنیت سایبری |url=https://www.bbc.com/persian/articles/clk147yydv2o |access-date=2023-09-24 |website=BBC News فارسی |language=fa}}</ref><ref>{{Cite news |last=فردا |first=رادیو |date=2023-09-04 |title=برکناری رئیس کل بیمه مرکزی ایران در پی اخبار "هک اطلاعات ۱۸ شرکت بیمه" |language=fa |work=رادیو فردا |url=https://www.radiofarda.com/a/32576771.html |access-date=2023-09-24}}</ref><ref>{{Cite web |date=2023-09-04 |title=پسلرزههای هک اطلاعات ۱۸ شرکت بیمه؛ رئیس کل بیمه مرکزی ایران برکنار شد |url=https://ir.voanews.com/a/hack-insurance-companies-iran-tapsi/7253680.html |access-date=2023-09-24 |website=صدای آمریکا |language=fa}}</ref> the City of Tehran municipality, the state news bulletin,<ref>{{Cite web |date=2023-09-24 |title=ابعاد هک و انتشار اطلاعات شخصی خبرنگاران و کارکنان خبرگزاری فارس بررسی شود |url=https://www.etemadonline.com/%D8%A8%D8%AE%D8%B4-%D8%A7%D8%AC%D8%AA%D9%85%D8%A7%D8%B9%DB%8C-23/585165-%D8%AD%D9%85%D9%84%D9%87-%D8%B3%D8%A7%DB%8C%D8%A8%D8%B1%DB%8C-%D9%87%DA%A9-%D8%AE%D8%A8%D8%B1%DA%AF%D8%B2%D8%A7%D8%B1%DB%8C-%D8%AF%D8%A7%D8%AF%DA%AF%D8%B3%D8%AA%D8%B1%DB%8C |access-date=2023-09-24 |website=اعتمادآنلاین |language=fa}}</ref> the National Civil Registration vital records organization database (20 TB),<ref>{{Cite web |last=قربانی |first=زهرا |date=2023-09-20 |title=ماجرای هک سازمان ثبتاحوال چه بود؟ |url=https://way2pay.ir/337687/ |access-date=2023-09-24 |website=راه پرداخت |language=fa-IR}}</ref> the Atomic Energy Organization<ref>{{Cite web |date=2023-09-22 |title=هشدار هکرهای بلک رویوارد: اگر رژیم به خواست مردم تن ندهد، اسناد هستهای را رو می کنیم |url=https://www.iranintl.com/202210221344 |access-date=2023-09-24 |website=ایران اینترنشنال |language=fa}}</ref> and the Presidency.<ref>{{Cite web |date=2024-01-25 |title=سند هک شده: وزارت خارجه جمهوری اسلامی نشستی برای مدیریت بحران پهپادی در اوکراین برگزار کرد |url=https://www.iranintl.com/202306156018 |access-date=2024-01-25 |website=ایران اینترنشنال |language=fa}}</ref> Ridesharing company [[Tapsi (ridehailing)|Tapsi]] was hacked as well.
*December 2023: seventy percent of all Iranian fuel pumps nationwide were taken out; Predatory Sparrow took responsibility.<ref>{{Cite web |date=2023-12-18 |title=اختلال سراسری در پمپ بنزینهای ایران؛ "گنجشک درنده": حمله سایبری کار ما بود |url=https://www.bbc.com/persian/articles/crg0n7xjy48o |access-date=2024-01-25 |website=BBC News فارسی |language=fa}}</ref>
*January 2024: Snapp was hacked, with records of 80 million Iranians along with payment info sold.<ref>{{Cite web |date=2024-01-01 |title=هکرهای شرکت «اسنپ فود» نهایی شدن دریافت باج را تائید کردند |url=https://www.bbc.com/persian/articles/ce9exxgkxeno |access-date=2024-03-01 |website=BBC News فارسی |language=fa}}</ref>
*In February 2024:
**The Islamic Consultative Assembly was hacked, revealing massive payments to members.<ref>{{Cite news |last=فردا |first=رادیو |date=2024-02-13 |title=روابط عمومی مجلس هک وبسایتها و «دسترسی» هکرها به اسناد مجلس را تأیید کرد |url=https://www.radiofarda.com/a/iran-s-parliament-news-agency-hacked/32817515.html |access-date=2024-03-01 |work=رادیو فردا |language=fa}}</ref><ref>{{Cite web |date=2024-02-13 |title=هک وبسایتهای مجلس؛ هکرها «حقوق ۲۰۰ میلیونی» نمایندگان و مزایایی مانند «آجیل شب یلدا» را فاش کردند |url=https://ir.voanews.com/a/cyber-attack-hack-parliament-websites-ir-iran/7485593.html |access-date=2024-03-01 |website=صدای آمریکا |language=fa}}</ref>
**Russian hackers attacked an Iranian embassy.<ref>{{Cite web |date=2024-03-01 |title=حمله سایبری هکرهای روسی به سفارتخانههای جمهوری اسلامی |url=https://www.iranintl.com/202402182771 |access-date=2024-03-01 |website=ایران اینترنشنال |language=fa}}</ref>
**3,000,000 penal court cases of the Iranian judicial system were hacked and put online.<ref>{{Cite web |date=2024-02-21 |title=Justice Of Iran |url=https://edaalat.org/home |access-date=2024-03-01 |archive-url=https://web.archive.org/web/20240221081514/https://edaalat.org/home |archive-date=2024-02-21 }}</ref>
**Anonymous reportedly extracted 14 GB of data out of a [[Malek-Ashtar University of Technology]] server belonging to the Ministry of Defense.<ref>{{Cite web |date=2024-02-22 |title=هکرهای گمنام چهارده گیگابایت اطلاعات از سرورهای دانشگاه صنعتی مالک اشتر استخراج کردند |url=https://ir.voanews.com/a/malek-ashtar-university-hackers-iran/7497095.html |access-date=2024-03-01 |website=صدای آمریکا |language=fa}}</ref>
**The US military attacked two Iranian intelligence vessels in the [[Red Sea]].<ref>{{Cite web |date=2024-02-16 |title=US Cyberattack Hit 2 Iranian Military Ships in Red Sea |url=https://www.voanews.com/a/us-cyberattack-hit-2-iranian-military-ships-in-red-sea-/7491503.html |access-date=2024-03-01 |website=Voice of America |language=en}}</ref>
*May 2024: The Iranian regime was hit with huge-scale cyberattacks causing internet issues.<ref>{{cite web | url=https://www.iranintl.com/202405160242 | title=زارعپور، وزیر ارتباطات: نمیخواهیم مردم از حملات سایبری مطلع شوند | date=16 May 2024 }}</ref>
*June 2024: The Ministry of Islamic Culture and Guidance's Haj.ir was taken out, and its source code and database were hacked by the IRleaks team; it included pilgrim and civil travel records since the 1980s.<ref>{{cite web | url=https://www.imna.ir/news/759252/%D8%B3%D8%A7%DB%8C%D8%AA-%D8%B3%D8%A7%D8%B2%D9%85%D8%A7%D9%86-%D8%AD%D8%AC-%D9%88-%D8%B2%DB%8C%D8%A7%D8%B1%D8%AA-%D9%87%DA%A9-%D8%B4%D8%AF | title=سایت سازمان حج و زیارت هک شد؟ | date=June 2024 }}</ref>
**The Ministry of Science was hacked.<ref>{{cite web | url=https://www.iranintl.com/202406087777 | title=سایت وزارت علوم پس از حمله هکری به طور موقت از دسترس خارج شد | date=8 June 2024 }}</ref>
*[[IRLeaks attack on Iranian banks]]
*October: Israeli cyberattacks on nuclear facilities.<ref>{{cite news | url=https://timesofindia.indiatimes.com/technology/tech-news/israel-hezbollah-war-iran-hit-by-massive-cyberattacks-nuclear-facilities-and-government-agencies-targeted/articleshow/114195005.cms | title=Israel-Hezbollah war: Iran hit by massive cyberattacks; "nuclear facilities and government agencies targeted" | newspaper=The Times of India | date=13 October 2024 }}</ref>
*10,000 documents and emails related to oil smuggling and regime corruption were leaked by Anonymous.<ref>{{Cite news |last=Carsten |first=Paul |last2=Dutta |first2=Prasanta Kumar |date=2025-01-07 |title=How Iran moves sanctioned oil around the world |url=https://www.reuters.com/graphics/IRAN-OIL/zjpqngedmvx/ |access-date=2025-03-21 |work=Reuters |language=en}}</ref><ref>{{Cite web |title=simorgh.io |url=https://simorgh.io/data/SaharaThunder/ |access-date=2025-03-21 |website=simorgh.io}}</ref>
*In April 2025, Iranian hackers used MURKYTOUR malware in a social engineering attack campaign in Israel.<ref>{{Cite web |last= |first= |title=Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign |url=http://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html |access-date=2026-03-19 |website=The Hacker News |language=en}}</ref>
== June 2025 - Post-war ==
During the Israel-Iran war, phones belonging to IRGC commanders' drivers and bodyguards were hacked by Israel.<ref>{{Cite web |title="اسرائیل با هک تلفن محافظان فرماندهان ایران را هدف قرار داد" – DW – ۱۴۰۴/۶/۹ |url=https://www.dw.com/fa-ir/%D8%A7%D8%B3%D8%B1%D8%A7%D8%A6%DB%8C%D9%84-%D8%A8%D8%A7-%D9%87%DA%A9-%D8%AA%D9%84%D9%81%D9%86-%D9%85%D8%AD%D8%A7%D9%81%D8%B8%D8%A7%D9%86-%D9%81%D8%B1%D9%85%D8%A7%D9%86%D8%AF%D9%87%D8%A7%D9%86-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86-%D8%B1%D8%A7-%D9%87%D8%AF%D9%81-%D9%82%D8%B1%D8%A7%D8%B1-%D8%AF%D8%A7%D8%AF/a-73824144 |access-date=2025-12-19 |website=dw.com |language=fa}}</ref> The Iranian regime has disabled GPS signal access by jamming it since June 12.<ref>{{Cite web |date=2025-07-10 |title=دلیل اختلال جیپیاس در ایران چیست و چقدر میتواند خطرناک باشد؟ |url=https://www.bbc.com/persian/articles/cx23d1npv14o |access-date=2026-03-19 |website=BBC News فارسی |language=fa}}</ref>
Since June 2025, [[Cloudflare]] Radar has recorded that the Iranian regime ordered at least 8 separate nationwide internet blackouts in Iran throughout 2025.<ref>{{Cite web |date=2025-12-15 |title=The 2025 Cloudflare Radar Year in Review- the rise of AI, post-quantum, and record-breaking DDoS attacks |url=https://blog.cloudflare.com/radar-2025-year-in-review/ |access-date=2025-12-19 |website=The Cloudflare Blog |language=en}}</ref><ref>{{Cite news |title=گزارش جنجالی کلودفلر از اینترنت ایران در سال ۲۰۲۵ |url=https://fararu.com/fa/news/933413/%DA%AF%D8%B2%D8%A7%D8%B1%D8%B4-%D8%AC%D9%86%D8%AC%D8%A7%D9%84%DB%8C-%DA%A9%D9%84%D9%88%D8%AF%D9%81%D9%84%D8%B1-%D8%A7%D8%B2-%D8%A7%DB%8C%D9%86%D8%AA%D8%B1%D9%86%D8%AA-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86-%D8%AF%D8%B1-%D8%B3%D8%A7%D9%84 |archive-url=http://web.archive.org/web/20251219120725/https://fararu.com/fa/news/933413/%DA%AF%D8%B2%D8%A7%D8%B1%D8%B4-%D8%AC%D9%86%D8%AC%D8%A7%D9%84%DB%8C-%DA%A9%D9%84%D9%88%D8%AF%D9%81%D9%84%D8%B1-%D8%A7%D8%B2-%D8%A7%DB%8C%D9%86%D8%AA%D8%B1%D9%86%D8%AA-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86-%D8%AF%D8%B1-%D8%B3%D8%A7%D9%84 |archive-date=2025-12-19 |access-date=2025-12-19 |work=Fararu {{!}} فرارو |language=fa}}</ref>
The Iranian regime also set up a law to enforce the death penalty for connecting to and using the internet via SpaceX [[Starlink]] satellite broadband technology.<ref>{{Cite web |date=2025-10-10 |title=New Iran law to up Starlink punishments, use for spying will carry death |url=https://www.iranintl.com/en/202510093488 |access-date=2025-12-19 |website=www.iranintl.com |language=en}}</ref><ref>{{Cite web |title=Reeling from Israel war, Iran expands espionage law, bans Starlink use - AL-Monitor: The Middle Eastʼs leading independent news source since 2012 |url=https://www.al-monitor.com/originals/2025/10/reeling-israel-war-iran-expands-espionage-law-bans-starlink-use |access-date=2025-12-19 |website=www.al-monitor.com |language=en}}</ref><ref>{{Cite web |last=Algemeiner |first=The |title=Iran Set to Enforce Death Penalty for Starlink Satellite Internet Use |url=https://www.algemeiner.com/2025/10/10/iran-set-enforce-death-penalty-starlink-satellite-internet-use/ |access-date=2025-12-19 |website=Algemeiner.com |language=en-US}}</ref>
In September, the regime executed an Iranian database expert on grounds of espionage on behalf of Israel.<ref>{{Cite web |date=2025-09-29 |title=ایران یک متخصص حوزه دیتابیس را به عنوان «جاسوس مورد وثوق» اسرائیل اعدام کرد |url=http://parsi.euronews.com/2025/09/29/iran-executes-database-expert-accused-of-spying-for-israel |access-date=2025-12-19 |website=euronews |language=fa}}</ref><ref>{{Cite web |date=2025-09-29 |title=قوه قضائیه ایران: متخصص دیتابیس شرکت دانشبنیان به جرم جاسوسی برای اسرائیل اعدام شد |url=https://www.bbc.com/persian/articles/c89d5vwz0y2o |access-date=2025-12-19 |website=BBC News فارسی |language=fa}}</ref>
In December, a hacker sold leaked data belonging to more than 69 million Iranian citizens, including full names, birthdays, national IDs, postal codes and addresses, and phone numbers.<ref>{{Cite news |title=ادعای یک هکر: اطلاعات ۶۹ میلیون ایرانی برای فروش در اختیار من است |url=https://donya-e-eqtesad.com/%D8%A8%D8%AE%D8%B4-%D8%B3%D8%A7%DB%8C%D8%AA-%D8%AE%D9%88%D8%A7%D9%86-62/4237146-%D8%A7%D8%AF%D8%B9%D8%A7%DB%8C-%DB%8C%DA%A9-%D9%87%DA%A9%D8%B1-%D8%A7%D8%B7%D9%84%D8%A7%D8%B9%D8%A7%D8%AA-%D9%85%DB%8C%D9%84%DB%8C%D9%88%D9%86-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86%DB%8C-%D8%A8%D8%B1%D8%A7%DB%8C-%D9%81%D8%B1%D9%88%D8%B4-%D8%AF%D8%B1-%D8%A7%D8%AE%D8%AA%DB%8C%D8%A7%D8%B1-%D9%85%D9%86-%D8%A7%D8%B3%D8%AA |archive-url=https://web.archive.org/web/20251219121903/https://donya-e-eqtesad.com/%D8%A8%D8%AE%D8%B4-%D8%B3%D8%A7%DB%8C%D8%AA-%D8%AE%D9%88%D8%A7%D9%86-62/4237146-%D8%A7%D8%AF%D8%B9%D8%A7%DB%8C-%DB%8C%DA%A9-%D9%87%DA%A9%D8%B1-%D8%A7%D8%B7%D9%84%D8%A7%D8%B9%D8%A7%D8%AA-%D9%85%DB%8C%D9%84%DB%8C%D9%88%D9%86-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86%DB%8C-%D8%A8%D8%B1%D8%A7%DB%8C-%D9%81%D8%B1%D9%88%D8%B4-%D8%AF%D8%B1-%D8%A7%D8%AE%D8%AA%DB%8C%D8%A7%D8%B1-%D9%85%D9%86-%D8%A7%D8%B3%D8%AA |archive-date=2025-12-19 |access-date=2025-12-19 |work=روزنامه دنیای اقتصاد |language=fa}}</ref>

==2026 Iran war==
During the [[2026 Iran War]], it was reported that the services of two Iranian banks, [[Bank Sepah]] and Melli Bank, both with ties to the Iranian Government and the [[IRGC]], were disrupted.<ref>https://www.shahrekhabar.com/news/177324096024870 {{dead link|date=March 2026|fix-attempted=yes}}</ref><ref>{{cite news |url=https://www.jpost.com/middle-east/iran-news/article-889474 |title=Iran's Melli, Sepah banks reported outages, service disruptions, IRGC-linked media report |first=James |last=Genn|website=[[The Jerusalem Post]] |date=10 March 2026 |language=en}}</ref>
== Attacks by Iran ==
The [[Iranian government]] has been accused by Western analysts of its own cyber-attacks against the [[United States]], [[Israel]] and [[Persian Gulf]] Arab countries, but has denied this, including specific allegations of 2012 involvement in hacking into American banks.<ref name="businessinsider.com" /> The conflict between [[Iran–United States relations|Iran and the United States]] was called "history's first known cyber-war" by Michael Joseph Gross in mid-2013.<ref>[http://www.vanityfair.com/culture/2013/07/new-cyberwar-victims-american-business "Silent War"] {{Webarchive|url=https://web.archive.org/web/20141115153130/http://www.vanityfair.com/culture/2013/07/new-cyberwar-victims-american-business |date=2014-11-15 }} July 2013 ''[[Vanity Fair (magazine)|Vanity Fair]]''</ref>
=== 2010-2020 ===
* {{flagicon|Israel}} August 2014: An [[Israeli Defence Forces|IDF]] official told the press that Iran has launched numerous significant attacks against Israel's [[Internet]] infrastructure.<ref>{{cite news|url=https://www.politico.com/tipsheets/morning-cybersecurity/2014/08/iran-launched-major-cyberattacks-on-the-israeli-internet-german-intelligence-snooped-on-kerry-and-clinton-seleznev-gets-no-bail-212543|title=Iran launched major cyberattacks on the Israeli Internet|work=Politico|access-date=27 April 2015|date=22 April 2015|author=Joseph Marks|archive-date=10 November 2014|archive-url=https://web.archive.org/web/20141110054322/http://www.politico.com/morningcybersecurity/0814/morningcybersecurity15035.html|url-status=live}}</ref>
* {{flagicon|Turkey}} 31 March 2015: There was [[2015 Turkey blackout|a massive power outage]] for 12 hours in 44 of 81 provinces of Turkey, home to 40 million people. [[Istanbul]] and [[Ankara]] were among the places suffering blackouts. According to ''[[Observer.com]]'', Iranian hackers, possibly the [[Iranian Cyber Army]], were behind the power outage.<ref>{{cite news|url=http://observer.com/2015/04/iran-flexes-its-power-by-transporting-turkey-to-the-stone-ages/|title=Iran Flexes Its Power by Transporting Turkey to the Stone Age|work=Observer|access-date=27 April 2015|date=22 April 2015|author=Micah Halpern|archive-date=14 December 2019|archive-url=https://web.archive.org/web/20191214152903/https://observer.com/2015/04/iran-flexes-its-power-by-transporting-turkey-to-the-stone-ages/|url-status=live}}</ref>
* {{flagicon|United Kingdom}} June 2017: The ''Daily Telegraph'' reported that intelligence officials concluded that Iran was responsible for a cyberattack on the [[Parliament of the United Kingdom|British Parliament]] lasting 12 hours that compromised around 90 email accounts of [[Member of parliament|MPs]]. The motive for the attack is unknown but experts suggested that the Islamic Revolutionary Guard Corps could be using cyberwarfare to undermine the [[Joint Comprehensive Plan of Action|Iran nuclear deal]].<ref>{{cite web|url=https://www.msn.com/en-gb/news/uknews/iran-blamed-for-cyberattack-on-parliament-that-hit-dozens-of-mps-including-theresa-may/ar-AAtpPag?li=AAmiR2Z&ocid=spartanntp|title=Iran blamed for cyberattack on Parliament that hit dozens of MPs, including Theresa May|work=The Telegraph|date=14 October 2017|access-date=6 December 2017|archive-date=6 December 2017|archive-url=https://web.archive.org/web/20171206135812/https://www.msn.com/en-gb/news/uknews/iran-blamed-for-cyberattack-on-parliament-that-hit-dozens-of-mps-including-theresa-may/ar-AAtpPag?li=AAmiR2Z&ocid=spartanntp|url-status=live}}</ref>
* {{flagicon|United States}} November 2020: CISA reported that an Iranian group obtained private voter registration data for the purposes of voter intimidation.<ref>{{Cite web|url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-304a|title=Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data {{!}} CISA|date=November 3, 2020|website=www.cisa.gov}}</ref>
=== 2022 === * {{flagicon|Israel}} January 2022: The website of [[Israel]]'s ''[[The Jerusalem Post|Jerusalem Post]]'' newspaper and the Twitter account of Maariv newspaper are hacked by suspected [[Iran]]ian hackers. The website's content was replaced with a threat to target the [[Shimon Peres Negev Nuclear Research Center]], and an apparent reference to [[Qasem Soleimani]] who was [[Assassination of Qasem Soleimani|assassinated]] exactly two years earlier in [[Baghdad]], [[Iraq]].<ref>{{Cite web|url=https://www.reuters.com/world/middle-east/israels-jerusalem-post-website-hacked-soleimani-assassination-anniversary-2022-01-03/|title=Israel's Jerusalem Post Website Hacked|work=Reuters|date=3 January 2022|access-date=2022-01-03|archive-date=2022-01-03|archive-url=https://web.archive.org/web/20220103103757/https://www.reuters.com/world/middle-east/israels-jerusalem-post-website-hacked-soleimani-assassination-anniversary-2022-01-03/|url-status=live}}</ref><ref>{{Cite web|url = https://www.timesofisrael.com/israeli-news-sites-hacked-with-iran-warning-on-anniversary-of-soleimani-killing/|title = Jerusalem Post website hacked with Iran warning on anniversary of Soleimani killing|website = [[The Times of Israel]]|access-date = 2022-01-03|archive-date = 2022-01-03|archive-url = https://web.archive.org/web/20220103121617/https://www.timesofisrael.com/israeli-news-sites-hacked-with-iran-warning-on-anniversary-of-soleimani-killing/|url-status = live}}</ref> * {{flagicon|Israel}} March 2022: Large-scale cyberattacks were launched against multiple Israeli government websites, allegedly by Iran as retaliation for failed Mossad operations, though neither the attack attribution nor the purported Mossad operations could be confirmed as of March 2022. 
The National Cyber Directorate declared a state of emergency as a result of the attacks and unnamed defense sources told media outlets it was possibly the largest-ever cyberattack against Israel.<ref>{{cite web |url=https://www.jpost.com/breaking-news/article-701269 |archive-url=https://web.archive.org/web/20220314214405/https://www.jpost.com/breaking-news/article-701269 |archive-date=2022-03-14 |access-date=2022-03-14 |url-status=live |title=Cyberattack against Israeli sites follows reports of failed Mossad op against Iran |author=Yonah Jeremy Bob |date=2022-03-14|publisher=The Jerusalem Post}}</ref><ref>{{cite news |url=https://www.haaretz.com/israel-news/2022-03-14/ty-article/.premium/israeli-government-sites-crash-in-cyberattack/00000180-5b8b-d615-a9bf-dfdbecd30000 |title=Israeli Government Sites Crash in Cyberattack |archive-url=https://web.archive.org/web/20220314184356/https://www.haaretz.com/israel-news/.premium-israeli-government-sites-crash-in-cyberattack-1.10674433 |url-status=live |access-date=2022-03-14 |archive-date=2022-03-14 |newspaper=Haaretz |author=Yaniv Kubovich}}</ref>
* {{flagicon|Albania}} November 2022: Iranian hackers attacked Albanian networks.<ref>{{Cite web |title=New Entries in the CFR Cyber Operations Tracker: Q3 2022 |url=https://www.cfr.org/blog/new-entries-cfr-cyber-operations-tracker-q3-2022 |access-date=2023-03-09 |website=Council on Foreign Relations |language=en |archive-date=2023-04-26 |archive-url=https://web.archive.org/web/20230426120359/https://www.cfr.org/blog/new-entries-cfr-cyber-operations-tracker-q3-2022 |url-status=live }}</ref><ref>{{cite news |last=Agencies |title=Albania cuts diplomatic ties with Iran, boots out diplomats over July cyberattack |url=https://www.timesofisrael.com/albania-cuts-diplomatic-ties-with-iran-boots-out-diplomats-over-july-cyberattack/ |access-date=2023-03-09 |website=[[The Times of Israel]] |language=en-US |archive-date=2022-11-17
|archive-url=https://web.archive.org/web/20221117041837/https://www.timesofisrael.com/albania-cuts-diplomatic-ties-with-iran-boots-out-diplomats-over-july-cyberattack/ |url-status=live |issn=0040-7909}}</ref>
* {{flagicon|America}} November 2022: Seventeen American network systems were used to mine cryptocurrency because of an existing undefended vulnerability.<ref>{{cite web | url=https://www.cnn.com/2022/11/16/politics/iran-hackers-us-government-network/index.html | title=Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say | website=[[CNN]] | access-date=2022-11-17 | archive-date=2022-11-17 | archive-url=https://web.archive.org/web/20221117112724/https://amp.cnn.com/cnn/2022/11/16/politics/iran-hackers-us-government-network/index.html | url-status=live }}</ref>
=== 2023 ===
* Moneybird ransomware was used by Agrius against Israeli people.<ref>{{Cite web |date=2023-05-25 |title=Iranian hacker group Agrius launches Moneybird ransomware attacks on Israeli entities |url=https://www.2-spyware.com/iranian-hacker-group-agrius-launches-moneybird-ransomware-attacks-on-israeli-entities |access-date=2023-05-25 |website=www.2-spyware.com |language=en}}</ref> A cyberattack on an Israeli university was blamed on the Iranian Ministry of Intelligence.<ref>{{Cite web |last=Kleinman |first=Danielle |date=2023-03-07 |title=Iran Launches Cyberattack on Israeli University |url=https://www.fdd.org/analysis/2023/03/07/iran-launches-cyberattack-on-israeli-university/ |access-date=2023-05-25 |website=FDD |language=en}}</ref> Attacks attributed to Iranians targeted Israeli ports and Haifa harbors.<ref>{{Cite web |date=2023-05-24 |title=Iran suspect in cyberattack targeting Israeli shipping, financial firms - Al-Monitor: Independent, trusted coverage of the Middle East |url=https://www.al-monitor.com/originals/2023/05/iran-suspect-cyberattack-targeting-israeli-shipping-financial-firms |access-date=2023-05-25 |website=www.al-monitor.com |language=en}}</ref>
* State-sponsored mass disinformation targeted Iranians in 2023.<ref>{{Cite web|url=https://www.axios.com/2023/05/02/iran-disinformation-wars-microsoft|title=The Iranian government is joining Russia and China in promoting disinformation campaigns|first=Sam|last=Sabin|date=May 2, 2023|website=Axios}}</ref>
*In August 2023, Germany's [[Federal Office for the Protection of the Constitution]] reported that hackers linked to Iran's Islamic Revolutionary Guard Corps targeted Iranian regime opponents in Germany, using fake identities to conduct cyber espionage.<ref>{{Cite web |date=2024-01-25 |title=هکرهای سپاه پاسداران مخالفان رژیم جمهوری اسلامی را در آلمان هدف قرار میدهند |url=https://www.iranintl.com/202308103879 |access-date=2024-01-25 |website=ایران اینترنشنال |language=fa}}</ref>
*Sophos and Zimperium reported that Iranian citizens' credentials were hacked by Iranian hackers using Firebase, command and control (C2), and iOS and Android malware apps called Bank Saderat, Central Bank and Bank Mellat.<ref>{{Cite web |last=Kohli |first=Pankaj |date=2023-07-27 |title=Uncovering an Iranian mobile malware campaign |url=https://news.sophos.com/en-us/2023/07/27/uncovering-an-iranian-mobile-malware-campaign/ |access-date=2023-12-02 |website=Sophos News |language=en-US}}</ref>
*In November 2023, Ziv Hospital in [[Safed]], Israel, reported a cyber breach of its computer systems. An Iranian-linked hacking group subsequently claimed to have obtained 500 gigabytes of patient information.<ref name=":0" />
*In late November 2023, the Municipal Water Authority of [[Aliquippa, Pennsylvania]] experienced a cyberattack by pro-Iran hackers who breached its industrial equipment, including a system managing water pressure.<ref>{{Cite web |last1=Lyngaas |first1=Sean |last2=Sgueglia |first2=Kristina |date=2023-11-28 |title=Federal officials investigating after pro-Iran group allegedly hacked water authority in Pennsylvania |url=https://www.cnn.com/2023/11/28/us/pennsylvania-water-cyberattack/index.html |access-date=2023-11-29 |website=CNN |language=en}}</ref>
*In December 2023, a cyberattack by hackers linked to Iran disrupted the water supply in a rural area of [[County Mayo]], [[Republic of Ireland|Ireland]], leaving about 160 households without water for two days.<ref>{{Cite web |date=2024-03-01 |title=حمله سایبری هکرهای جمهوری اسلامی موجب قطع آب منطقهای در ایرلند شد |url=https://www.iranintl.com/202312141554 |access-date=2024-03-01 |website=ایران اینترنشنال |language=fa}}</ref>
*On December 14, 2023, ESET documented the state-sponsored OilRig group's use of C&C attacks.<ref>{{Cite web |title=OilRig's persistent attacks using cloud service-powered downloaders |url=https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ |access-date=2024-01-25
|website=www.welivesecurity.com |language=en}}</ref>
=== 2024 ===
*In February 2024, [[OpenAI]] announced that it had shut down accounts used by the Crimson Sandstorm hacking group. The group had been using OpenAI services to research evasion techniques, write and refactor code, and create phishing campaign content.<ref name="OpenAI">{{cite web|url=https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors|title=Disrupting malicious uses of AI by state-affiliated threat actors|date=February 14, 2024}}</ref><ref name="AIThreatActors">{{cite web|url=https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai|title=Staying ahead of threat actors in the age of AI|website=[[Microsoft]] |date=February 14, 2024}}</ref>
*In April 2024, Israeli secrets were published by an Iranian website.<ref>{{Cite web|url=https://www.haaretz.com/israel-news/security-aviation/2024-04-16/ty-article/.premium/click-here-for-sensitive-israeli-data-iran-linked-website-leaks-hacked-secret-info/0000018e-e6c8-de97-a5bf-f6f876a10000|title=Iran-linked Website Leaks Secret Israeli Data - National Security & Cyber}}</ref>
*In June 2024, Iranian-backed hackers, identified as [[Mint Sandstorm]] (also known as Charming Kitten or APT35), targeted a high-ranking official from a U.S. presidential campaign with a spear-phishing attack.
The hackers used a compromised email account to send a malicious link.<ref>{{Cite web|url=https://www.axios.com/2024/08/09/iran-presidential-campaign-2024-hacking|title=Iran is already trying to hack presidential campaign officials leading up to 2024 Election Day|first=Sam|last=Sabin|date=August 9, 2024|website=Axios}}</ref>
*In July 2024, [[MuddyWater (hacker group)|MuddyWater]], an [[advanced persistent threat]] group, increased cyber attacks in the Middle East.<ref>{{Cite web|url=https://blog.checkpoint.com/research/muddywater-threat-group-deploys-new-bugsleep-backdoor/|title=MuddyWater Threat Group Deploys New BugSleep Backdoor|date=July 15, 2024|website=Check Point Blog}}</ref>
*On August 9, 2024, [[Microsoft]] reported that Iran has intensified its interference in the US elections by launching fake news sites and conducting hacking attempts. According to a [[The Washington Post|''Washington Post'']] report, Iranian-operated news networks, such as Nio Thinker and Savannah Time, aim to polarize American voters by promoting extreme viewpoints. Microsoft also detailed a spear-phishing attack conducted by Iranian hackers targeting a US presidential campaign. This group used a compromised email account to attempt unauthorized access to sensitive information. Another Iranian group also managed to breach an account belonging to a county government employee in a swing state.<ref>{{Cite news|url=https://www.washingtonpost.com/technology/2024/08/09/iran-fake-news-microsoft-report/|title=Iran uses fake news sites to interfere in U.S. election, Microsoft says|first=Joseph|last=Menn|date=2024-08-09|newspaper=[[The Washington Post]]}}</ref>
*In September 2024, U.S. authorities revealed that Iranian hackers had accessed and distributed stolen information from Trump's campaign to individuals linked to Biden's re-election effort, aiming to disrupt the election.
Despite Iran's denial of involvement, officials suggested the intent was to erode public confidence in the electoral process.<ref>{{cite news|title=US says Iran emailed stolen Trump campaign material to Biden camp| date=19 September 2024 |url=https://www.reuters.com/world/us/us-alleges-iran-tried-influence-election-with-messages-biden-camp-2024-09-18/ |newspaper=Reuters News| access-date=19 September 2024}}</ref>
*Also in September 2024, Swedish authorities revealed that a cyber group called Anzu, operating under Iran's Islamic Revolutionary Guard Corps (IRGC), was responsible for hacking into a Swedish text messaging service in July 2023, taking over passwords, usernames and other tools, and sending thousands of messages calling Swedes "demons" and bearing instructions to exact vengeance upon Koran burners. Iran denied the accusation, though the investigation by the Swedish Prosecution Authority managed to identify the individual hackers responsible for the data breach. In a statement by Justice Minister Gunnar Stromme it was said that the goal was to destabilise Sweden or increase polarisation, and the security service warned that Iran is among those seeking to create division and bolster their own regimes.<ref>{{Cite web |title=Sweden blames Iran for cyber-attack after Quran burnings |url=https://www.bbc.com/news/articles/c0lw0081e1yo |access-date=2024-09-26 |website=www.bbc.com |language=en-GB}}</ref><ref>{{Cite web |last=Olsen |first=Jan M.
|title=Iran was behind thousands of text messages calling for revenge over Quran burnings, Sweden says |url=https://apnews.com/article/sweden-iran-quran-burnings-revolutionary-guard-309f5f12aac2fc4e9a064bb0ffd313ee |website=AP News|date=24 September 2024 }}</ref><ref>{{Cite web |last=Kirby |first=Paul |title=Sweden blames Iran for cyber-attack after Quran burnings |url=https://www.bbc.com/news/articles/c0lw0081e1yo |website=BBC News}}</ref>

On October 30, the FBI and Treasury released a cybersecurity threat advisory relating to Emennet Pasargad.<ref>{{Cite web |title=New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad |url=https://www.ic3.gov/CSA/2024/241030.pdf |website=Internet Crime Complaint Center}}</ref><ref>{{Cite web |last=samanthar@checkpoint.com |date=2024-11-14 |title=Malware Spotlight: A Deep-Dive Analysis of WezRat |url=https://research.checkpoint.com/2024/wezrat-malware-deep-dive/ |access-date=2024-11-15 |website=Check Point Research |language=en-US}}</ref>
In November 2024, ClearSky reported an Iranian "Dream Job" malware campaign by the APT group TA455, which used methods shared with North Korean actors to target the US defence sector.<ref>{{Cite web |title=Iranian "Dream Job" Campaign 11.24 |website=ClearSky Cyber Security |url=https://www.clearskysec.com/irdreamjob24/}}</ref>
Iranian state-sponsored hackers, identified as TA455 (also known as APT35 and Charming Kitten), have been conducting a cyber espionage campaign targeting the [[Aerospace manufacturer|aerospace industry]] since September 2023, using tactics similar to those of North Korean threat actors. The campaign involves creating fake recruiter profiles on [[LinkedIn]] and using malicious domains to lure victims into downloading [[malware]] known as SnailResin. Victims are enticed to open ZIP files disguised as job-related documents, which have a low [[Antivirus software|antivirus]] detection rate. The malware is deployed through DLL side-loading attacks, closely mirroring techniques used by North Korean [[hacker]]s. Researchers suggest that the Iranian hackers may have adopted these methods from [[North Korea]], particularly given the malware's initial association with North Korean groups like [[Kimsuky]] and Lazarus. TA455 employs [[Cloudflare]] to obscure its command-and-control domains and encodes command and control data on [[GitHub]] to blend in with legitimate web traffic, making tracking their infrastructure difficult. The primary targets of this campaign are aerospace professionals, with the goal of infiltrating networks within the aerospace, aviation, and defense sectors, particularly in the [[Middle East]], including [[Israel]], the [[United Arab Emirates|UAE]], and potentially [[Turkey]], [[India]], and [[Albania]]. The goal appears to be espionage and data exfiltration from these high-value targets in the aerospace sector.<ref>{{Cite web |date=November 14, 2024 |author=Prajeet Nair |title=Iranian Threat Actors Mimic North Korean Job Scam Techniques |url=https://www.bankinfosecurity.com/iranian-threat-actors-mimic-north-korean-job-scam-techniques-a-26818 |access-date=2024-12-26 |website=BankInfoSecurity |language=en}}</ref>
The UK and US have jointly issued a warning about ongoing spear-phishing attacks conducted by cyber actors affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC). These sophisticated attacks target individuals connected to Iranian and Middle Eastern affairs, including government officials, think tank personnel, journalists, activists, and those involved in US political campaigns. The attackers use social engineering techniques to impersonate trusted contacts, aiming to gain access to victims' personal and business accounts. They often use fraudulent login pages to obtain credentials, allowing them to access sensitive information and manipulate email accounts. The National Cyber Security Centre (NCSC) and its US counterparts are urging at-risk individuals to follow mitigation steps and utilize free cyber defence services to protect themselves. Paul Chichester, NCSC Director of Operations, emphasized the persistent nature of this threat and the importance of remaining vigilant, particularly for those in sensitive sectors.<ref>{{Cite web |last=Allison |first=George |date=2024-10-01 |title=UK warns of Iranian state-sponsored phishing attacks |url=https://ukdefencejournal.org.uk/uk-warns-of-iranian-state-sponsored-phishing-attacks/ |access-date=2024-12-26 |language=en-GB}}</ref>
'''December'''
*Kash Patel, Donald Trump's appointee for FBI director, was successfully hacked.<ref>{{Cite web |last= |first= |date=2024-12-04 |title=Kash Patel, Trump's pick to lead FBI, has been targeted in an Iranian hack, sources say {{!}} CNN Politics |url=https://www.cnn.com/2024/12/03/politics/kash-patel-targeted-iran-hack/index.html |access-date=2025-03-21 |website=CNN |language=en}}</ref>
*Cotton Sandstorm: Meta reported that it had successfully detected and taken down 48 accounts belonging to the IRGC that posed as anti-West activists as part of an influence operation.<ref>{{Cite web |title=threat-research/indicators/csv/Q3_2024/Q3_2024 IRAN_BASED_CIB_NETWORK.csv at main · facebook/threat-research |url=https://github.com/facebook/threat-research/blob/main/indicators/csv/Q3_2024/Q3_2024%20IRAN_BASED_CIB_NETWORK.csv |access-date=2025-03-21 |website=GitHub |language=en}}</ref><ref>{{Cite web |title=Adversarial Threat Report |url=https://scontent.fblr24-3.fna.fbcdn.net/v/t39.8562-6/468803217_3032365593577504_4214030314490019057_n.pdf?_nc_cat=100&ccb=1-7&_nc_sid=b8d81d&_nc_ohc=gNa84otj-bgQ7kNvgHWIH7o&_nc_zt=14&_nc_ht=scontent.fblr24-3.fna&_nc_gid=A6Ow7Lpusiu3cUxryupv9Th&oh=00_AYDX23onekeBK7SqpILJm2xxyfBKHp8lQllXBbXCAauC3Q&oe=6755CDD3 |archive-url=https://web.archive.org/web/20241204090231/https://scontent.fblr24-3.fna.fbcdn.net/v/t39.8562-6/468803217_3032365593577504_4214030314490019057_n.pdf?_nc_cat=100&ccb=1-7&_nc_sid=b8d81d&_nc_ohc=gNa84otj-bgQ7kNvgHWIH7o&_nc_zt=14&_nc_ht=scontent.fblr24-3.fna&_nc_gid=A6Ow7Lpusiu3cUxryupv9Th&oh=00_AYDX23onekeBK7SqpILJm2xxyfBKHp8lQllXBbXCAauC3Q&oe=6755CDD3 |archive-date=2024-12-04 |access-date=2026-03-19 |website=}}</ref>
===March 2025===
LabDookhtegan launched a cyberattack against Iranian oil rigs, jamming their communications and electronic guidance systems, while disrupting the satellite network connectivity of 116 ships.<ref>{{Cite web |date=2025-03-18 |title=Cyber group says it disrupted Iranian shipping communications |url=https://www.iranintl.com/en/202503182119 |access-date=2025-03-21 |website=www.iranintl.com |language=en}}</ref>
The Codebreakers hackers released the entire database records of [[Bank Sepah]], going back as far as 1925.<ref>{{Cite web |title=بانک سپه: ادعای هکشدن اطلاعات کذب محض است؛ هکرها نمونه اطلاعات مشتریان را منتشر کردند |url=https://digiato.com/iran-technology-news/sepah-bank-denies-hacking-claims |access-date=2026-03-19 |website=دیجیاتو |language=fa-IR}}</ref>
Iranians hacked the public address speakers of an Israeli kindergarten.<ref>{{Cite web |date=2025-01-27 |title=Iranian hacker group targets Israeli kindergartens' PA systems |url=https://www.iranintl.com/en/202501265679 |access-date=2025-03-21 |website=www.iranintl.com |language=en}}</ref> On January 30, Iranians failed to hack accounts on Gemini, a Google product.<ref>{{Cite web |date=2025-01-29 |title=Generative AI makes Chinese, Iranian hackers more efficient, report says |url=https://www.voanews.com/a/generative-ai-makes-chinese-iranian-hackers-more-efficient-report-says/7956403.html |access-date=2025-03-21 |website=Voice of America |language=en}}</ref>
In February, the Minister of Intelligence hacked 2 terabytes of data from Israeli police.<ref>{{Cite web |date=2025-02-09 |title=Israel denies Iran-linked hacking group breached police systems |url=https://www.iranintl.com/en/202502095006 |access-date=2025-03-21 |website=www.iranintl.com |language=en}}</ref>
In March, a 30,000-node DDoS botnet originating in Iran was discovered.<ref>{{Cite web |title=New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran |url=https://www.greynoise.io/blog/new-ddos-botnet-discovered |access-date=2025-03-21 |website=www.greynoise.io |language=en}}</ref>
*Thirty million users of Mobile Communications of Iran were hacked.<ref>{{cite web|url=https://digiato.com/iran-technology-news/hacker-group-claims-breach-of-hamrah-aval-servers |archive-url=https://web.archive.org/web/20250413015211/http://digiato.com/iran-technology-news/hacker-group-claims-breach-of-hamrah-aval-servers |archive-date=13 April 2025 |language=fa |date=23 March 2025 |title=یک گروه هکری مدعی نفوذ به سرورهای همراه اول شد |trans-title=A hacking group claimed to have infiltrated the servers of Mobile Telecommunications Company of Iran}}</ref>
===April 2025===
In April, the Iranian regime reported a cyberattack on regime infrastructure.<ref>{{Cite web |date=28 April 2025 |title=Iran repelled large cyber attack on Sunday |url=https://www.reuters.com/world/middle-east/iran-repelled-large-cyber-attack-sunday-2025-04-28/}}</ref>
===May 2025===
''Unit 42'' discovered a fake website, sponsored by the Iranian group APT35, that impersonated the German fashion modeling agency Mega Model Agency and collected user data on behalf of a fake AI-generated identity, Shir Benzion.<ref>{{Cite web |last=Unit 42 |date=2025-05-07 |title=Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation |url=https://unit42.paloaltonetworks.com/iranian-attackers-impersonate-model-agency/ |access-date=2026-03-19 |website=Unit 42 |language=en-US}}</ref>
On May 14, a hack by the Prana group revealed the masked identity of Majiz Azami, owner of Sepeher Energy Jahan and its subsidiary Energy Hamta Pars, a front company for the Iranian Armed Forces Staff, and that it was using Qatari help to smuggle 65 million barrels of oil worth $4.2bn. The company was incorporated in Tehran in November 2022.<ref>{{Cite web |last=Anvari |first=Amirhadi |date=2025-05-12 |title=Iranian military front company masked identity to sell oil, documents show |url=https://www.iranintl.com/en/202505120898 |access-date=2026-03-19 |website=www.iranintl.com |language=en}}</ref>
On May 30, Meta reported that an Iranian regime influence operation network had been taken down.<ref>{{Cite web |title=Meta says it disrupted influence operations linked to China, Iran, Romania |url=https://therecord.media/meta-influence-operations-takedown-china-iran-romania |access-date=2026-03-19 |website=therecord.media |language=en}}</ref>
Iranian man Sina Qolinejas pleaded guilty to helping carry out a ransomware attack on the City of Baltimore.<ref>{{Cite web |date=2025-05-27 |title=Office of Public Affairs {{!}} Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware {{!}} United States Department of Justice |url=https://www.justice.gov/opa/pr/iranian-man-pleaded-guilty-role-robbinhood-ransomware |access-date=2026-03-19 |website=www.justice.gov |language=en}}</ref>
===June 2025===
ESET reported that it had tracked a malware attack against Iraqi and Iraqi Kurdistan government targets, attributed to an OilRig subcluster.<ref>{{Cite web |last= |first= |title=Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware |url=http://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html |access-date=2026-03-19 |website=The Hacker News |language=en}}</ref>
=== 2026 ===
In March 2026, an Iran-linked hacking group known as [[Handala (hacker group)|Handala]] claimed responsibility for breaching the personal email account of FBI Director Kash Patel and publishing the emails and personal data online.<ref>{{Cite news |last=Sabin |first=Sam |date=March 27, 2026 |title=Iran-linked group claims hack of FBI Director Kash Patel |url=https://www.axios.com/2026/03/27/fbi-kash-patel-iran-cyberattack |access-date=March 27, 2026 |work=[[Axios (website)|Axios]]}}</ref><ref>{{Cite news |last=Tucker |first=Eric |date=March 27, 2026 |title=Pro-Iranian group claims credit for hack of FBI Director Kash Patel’s personal account |url=https://apnews.com/article/patel-iran-hacking-cyberscurity-9237ca30d1c85f237d7d83e6798d97f0 |access-date=March 29, 2026 |work=[[Associated Press]]}}</ref>
==Command and control==
Iranian armed forces install malware apps for espionage on [[Android (operating system)|Android]] phones.<ref>{{Cite web |url=https://www.lookout.com/blog/iranian-spyware-bouldspy |title=Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy |access-date=2023-04-30 |archive-date=2023-05-01 |archive-url=https://web.archive.org/web/20230501045855/https://www.lookout.com/blog/iranian-spyware-bouldspy |url-status=live }}</ref> According to [[Microsoft]], they could steal victims' identities.<ref>{{cite web | url=https://blogs.microsoft.com/on-the-issues/2023/05/02/dtac-iran-cyber-influence-operations-digital-threat/ | title=Rinse and repeat: Iran accelerates its cyber influence operations worldwide | date=2 May 2023 }}</ref>
== Suspended Iranian accounts ==
On May 5, 2020, ''[[Reuters]]'' reported, quoting a monthly [[Facebook]] report, that Iranian state-run media had directed hundreds of fake social media accounts, online since at least 2011, at voters in countries including Britain and the United States in order to covertly spread pro-Iranian messaging.<ref name=":REUTERS1">{{cite news |title=Facebook says it dismantles disinformation network tied to Iran's state media |url=https://www.reuters.com/article/us-iran-facebook/facebook-says-it-dismantles-disinformation-network-tied-to-irans-state-media-idUSKBN22H2DK |work=REUTERS |date=5 May 2020 |access-date=28 October 2021 |archive-date=21 August 2021 |archive-url=https://web.archive.org/web/20210821180131/https://www.reuters.com/article/us-iran-facebook/facebook-says-it-dismantles-disinformation-network-tied-to-irans-state-media-idUSKBN22H2DK |url-status=live }}</ref> The accounts were suspended for [[coordinated inauthentic behavior]]; Facebook removed eight networks in recent weeks, including one with links to the Islamic Republic of Iran Broadcasting.<ref name=":REUTERS1" />
== See also ==
* [[Islamic Revolutionary Guards Corps Cyber Security Command]]
* [[Ashiyane]]
* [[List of cyber warfare forces]]
* [[Iranian Cyber Army]]
* [[Iran Cyber Police]]
* [[Communications in Iran]]
* [[Monica Witt]]
* [[Hybrid warfare against Iran]]
* [[Iran Mission Center]]
* [[Iranian external operations#Online]]
;Alleged operations and malware against Iran
* [[Operation Olympic Games]]
* [[Stuxnet]]
* [[Flame (malware)|Flame]]
* [[Duqu]]
* [[Stars virus]]
;Alleged operations and malware by Iran
* [[Foreign interference in the 2020 United States elections]]
* [[Iranian influence operations in the UK]]
* [[Mahdi (malware)|Mahdi]]
* [[Shamoon]]
* [[Operation Ababil]]
* [[Operation Newscaster]]
* [[Operation Cleaver]]
* [[Yemen Cyber Army]]
* [[Syrian Electronic Army]]
== References ==
{{reflist}}
== External links ==
* [https://www.fbi.gov/news/stories/2016/march/iranians-charged-with-hacking-us-financial-sector Iranians Charged with Hacking US Financial Sector] ([[FBI]])
{{Cyberwarfare by country}} {{Portal bar|Iran|Internet}}
[[Category:Cyberwarfare in Iran]]