For a few days, tensions between Israel and Iran have been increasing day by day, and now the conflict has spilled into the digital world; a near-total internet blackout was implemented by Iran, opposing the Israeli cyberattacks cited by the government spokesperson. As per the reports, on Tuesday, a pro-Israel hacking group took responsibility for a disruptive cyberattack on one of the biggest Iranian banks. They launched a cyberattack on a full scale throughout the country, targeting critical and sensitive infrastructure, as per Iran's state-run IRIB News. Iran's Fars News Agency reported about this cyberattack, which involved more than 6,700 distributed denial-of-service attacks over the past three days. DDoS attacks overwhelm the servers with false traffic and disrupt access to websites and online services.
According to NBC News, the two companies that track global internet connectivity, quoted that, Iran's internet connectivity plunged around 5:30 p.m. as per the local time, due to which, Iranians looses the ability to access and share information with the world. The internet blackout causes users to user serivces such as VPNs which is basically a virtual privte network that helps in accessing the foreign websites.
Amir Rashidi, director of Digital rights and security at Iran's Miaan Group, an nonprofit organisation, said "some Western apps for communicating, including WhatsApp and Instagram have been blocked" added to that, Google Play Store and App Store had been blocked in Iran.
The cyber rivalry between Iran and Israel spans two decades. Iran and Hamas have attempted several cyber attacks on Israel in past years, and these attacks include data destruction attacks and potential phishing campaigns, according to some articles on Google. There is a group that is widely popular for launching significant cyberattacks on Iran over the last five years; as per some sources, there is a claim made for cyber attacks against Iran's Bank Sepah, and it was made by Predatory Sparrow. And they called themselves "Hacktivist" organizations. Israel's Ministry for Foreign Affairs hasn't responded yet.
John Hultquist, chief analyst at Google's Threat Intelligence Group said, "Most disruptive and destructive cyberattacks are about influence and psychological impact rather than practical impact," he also added that, "That's why a lot of them involve an effort to publicize the incidents which oftentimes includes a fictitious hacktivist front."
Israel is widely popular at the global level for being the world's most advanced and capable country that can launch cyberattacks. As per some reports, in 2010, it was discovered that a cyberattack operation tied to the United States and Israel sabotaged hardware, which was believed to be responsible for the development of nuclear weapons for Iran. Known by the name Stuxnet, it is one of the most advanced and impactful hacking operations in history. Stuxnet shows how a cyberattack stands for a long time and is of the greatest importance to the Israel-Iran conflict when it spills into the digital world.
On Tuesday around 4 am, Predatory Sparrow, posted on both Telegram and X, they had successfully "destroyed the data" of Bank Sepah. they also claimed that the bank was involved in circumventing international sanctions. Till now, there is no comment has been made by the Bank Sepah.
Predatory Sparrow has been active since 2021. Some reports claimed that the group came into existence in public when they took credit for destroying data in Iran's national railway system. It is causing longer delays around the country. There are some more reports that says, Iran's Ministry of Roads and Urban Development were hit by the smae group of hackers around the same time with the same tool whihc are specially designed for the purpose of destroying system's files.
When it comes to talking about other attacks, Predatory Sparrow was blamed for targeting point-of-sale systems, also known as POS systems, which were used at Iranian gas stations. It was an attempt to hack the POS system, causing a malfunction in the automated systems at Iran's Khouzestan steel mill, where the molten steel spilled onto the steel plant's floor. The attempt also includes publicizing the alleged phone number of Iranian Supreme Leader Ali Khamenei.
According to some security experts, the attackers of Predatory Sparrow are unique because there is not much information about the hacks they caused. There is relatively little technical information about the hacks compared to similar campaigns done in the past. Predatory Sparrow is becoming widely popular for its special kind of destructive techniques that are responsible and capable of destroying the technical forensic evidence that analysts require to understand it.
There are also reports about the Predatory Sparrow that unofficially claim that the group has used social media platforms to promote its activity. This kind of activity is considered one of the tactics that experts say is proof that Predatory Sparrow has the objective or motive to make a psychological impact among people around the world. The cyberattack against Irna's Bank Sepah is also one of those where they are claiming it on social media and taking the credit for their own publicity push. Predatory Sparrow warning that "this is what happens to institutions dedicated to maintaining the dictator's terrorist fantasies."
On Wednesday, the Predatory Sparrow said they had also attempted to target Nobitex in a separate attack. Prominent crypto sleuth ZachXBT noted in a post on Telegram that he had observed "suspicious outflows" from Nobitex. It said that "an attacker appeared to have stolen more than US$81 million (RM344.25 million) in cryptocurrencies from the Tehran-based exchange."
Nobitex said in a statement posted on X that they had detected some signs of unauthorized access "specifically affecting internal communication systems and a segment of the hot wallet environment." Thankfully, the platform made a statement clear about users' wallet balances where they don't have to face any kind of loss. They quoted, "wallet balances would be restored "with no loss or discrepancy."
No more updates about this digital spillout between Iran and Israel have appeared yet, but as the current tensions increase, there can be a counterattack can be expected from both countries.