iranintl.com - A cyberattack during the 12-day Iran-Israel war destroyed banking data at major Iranian banks Sepah and Pasargad, halting services nationwide and triggering a high-stakes emergency response by an Iranian banking software firm, a senior engineer said.
“Nothing was accessible. Nothing was visible,” wrote Hamidreza Amouzegar, deputy head of product development at the software firm Dotin, in a LinkedIn post recounting the June 17 breach.
“We tried the backup site—same story there.”
The internet banking, mobile banking, and ATMs of the two banks remained largely non-functional until recently.
Dotin, a major provider of digital systems to Iranian banks, found itself at the center of the crisis.
“Sepah Bank’s primary data center had gone dark, with monitoring dashboards frozen and all stored data apparently corrupted,” he added.
When engineers attempted to switch over to the disaster recovery site, they found that it too had failed, with matching damage reported.
“At that point, the priority was no longer identifying the culprit or mapping the technical details,” Amouzegar wrote. “It was about getting public banking services back online—fast.”
To that end, he wrote, teams turned to Samsonite, a portable data center in a suitcase developed by Dotin following service disruptions in 2022. The system was designed to provide core banking functions—particularly card transactions—for short periods without reliance on the main network.
Nobitex, Iran’s largest cryptocurrency exchange, had also confirmed cyberattacks against its systems during the war.
The pro-Israel hacker group Predatory Sparrow, known for prior cyberattacks on Iran’s fuel infrastructure, claimed responsibility for "paralyzing" Sepah Bank and draining more than $90 million from Nobitex.
Sepah Bank is responsible for processing the payments of military personnel.
Pasargad Bank had already deployed Samsonite, allowing it to restore limited services by the early hours of June 19. Sepah, which had not yet installed the system, remained offline longer, Amouzegar added.
Basic card functionality there was only restored by June 20 after a full system rebuild from partial offline backups, he wrote.
“For a bank processing over a billion transactions monthly, losing just one day meant more than 30 million transactions vanished,” Amouzegar said.
Sepah’s full recovery took until June 27, during which time Samsonite processed more than 60 million transactions.
“The cyber war ended three days after the ceasefire,” he added. “But recovery will take months. What I’ve shared here is only a fragment of the story.”
bankinfosecurity.com - Hacker Claims to Have Exploited Flaw in Oracle WebLogic Server, Sold Stolen Data
A hacker claims to have stolen and sold the personal data of clients of Seychelles Commercial Bank. The bank, which provides personal and corporate services on Seychelles, one of the world's smallest countries, notified customers of a hack, but said only personal information - not money - was stolen.
The archipelago nation in the Indian Ocean, located northeast of Madagascar, sports 98,000 inhabitants, ranks as the richest country in Africa and has a reputation for being a tax haven.
Seychelles Commercial Bank on Friday said it "recently identified and contained a cybersecurity incident, which has resulted in its internet banking services being temporarily suspended," and requested customers "make use of our ATMs or visit one of our branches during normal banking hours."
In its breach notification, the bank told customers: "SCB regrets to inform that this cyber incident resulted in unintentional exposure of personal information of internet banking customers only. The bank reassures all its internet banking customers that no funds have been accessed."
The pro-Israeli hacktivist group Predatory Sparrow claimed on Tuesday to have hacked and taken down Iran’s Bank Sepah.
The group, which is also known by its Persian name Gonjeshke Darande, claimed responsibility for the hack on X.
“We, ‘Gonjeshke Darande,’ conducted cyberattacks which destroyed the data of the Islamic Revolutionary Guard Corps’ ‘Bank Sepah,’” the group wrote.
The group claimed Bank Sepah is an institution that “circumvented international sanctions and used the people of Iran’s money to finance the regime’s terrorist proxies, its ballistic missile program and its military nuclear program.”
According to the independent news site Iran International, there are reports of “widespread banking disruptions” across the country. Iran International said several Bank Sepah branches were closed on Tuesday, and customers told the publication that they were unable to access their accounts.
Ariel Oseran, a correspondent for i24NEWS, posted pictures of ATMs in Iran displaying an error message.
TechCrunch could not independently verify the group’s alleged cyberattack. We reached out to two Bank Sepah Iranian email addresses, but the messages returned an error. Bank Sepah’s affiliates in the U.K. and Italy did not immediately respond to requests for comment.
Predatory Sparrow did not respond to a request for comment sent to their X account, and via Telegram.
The alleged cyberattack on Bank Sepah comes as Israel and Iran are bombing each other’s countries, a conflict that started after Israel began targeting nuclear energy facilities, military bases, and senior Iranian military officials on Friday.
It’s unclear who is behind Predatory Sparrow. The group clearly fashions itself as a pro-Israel or at least anti-Iran hacktivist group and has targeted companies and organizations in Iran for years. Cybersecurity researchers believe the group has had success in the past and made credible claims.
The concept is simple, the FBI explains: “Scammers impersonate bank reps to convince victims that hackers have infiltrated their financial account. Victims are urged to move their money fast to protect their assets. In reality, there was never a hacker, and the money that was wired is now fully controlled by the scammer.”
China's largest bank, ICBC, was hit by ransomware that resulted in disruption of financial services (FS) systems on Thursday Beijing time, according to a notice on its website
Chinese bank says it has contained a hack that affected some fixed income and equities transactions
