iranintl.com - A cyberattack during the 12-day Iran-Israel war destroyed banking data at major Iranian banks Sepah and Pasargad, halting services nationwide and triggering a high-stakes emergency response by an Iranian banking software firm, a senior engineer said.
“Nothing was accessible. Nothing was visible,” wrote Hamidreza Amouzegar, deputy head of product development at the software firm Dotin, in a LinkedIn post recounting the June 17 breach.
“We tried the backup site—same story there.”
The internet banking, mobile banking, and ATMs of the two banks remained largely non-functional until recently.
Dotin, a major provider of digital systems to Iranian banks, found itself at the center of the crisis.
“Sepah Bank’s primary data center had gone dark, with monitoring dashboards frozen and all stored data apparently corrupted,” he added.
When engineers attempted to switch over to the disaster recovery site, they found that it too had failed, with matching damage reported.
“At that point, the priority was no longer identifying the culprit or mapping the technical details,” Amouzegar wrote. “It was about getting public banking services back online—fast.”
To that end, he wrote, teams turned to Samsonite, a portable data center in a suitcase developed by Dotin following service disruptions in 2022. The system was designed to provide core banking functions—particularly card transactions—for short periods without reliance on the main network.
Nobitex, Iran’s largest cryptocurrency exchange, had also confirmed cyberattacks against its systems during the war.
The pro-Israel hacker group Predatory Sparrow, known for prior cyberattacks on Iran’s fuel infrastructure, claimed responsibility for "paralyzing" Sepah Bank and draining more than $90 million from Nobitex.
Sepah Bank is responsible for processing the payments of military personnel.
Pasargad Bank had already deployed Samsonite, allowing it to restore limited services by the early hours of June 19. Sepah, which had not yet installed the system, remained offline longer, Amouzegar added.
Basic card functionality there was only restored by June 20 after a full system rebuild from partial offline backups, he wrote.
“For a bank processing over a billion transactions monthly, losing just one day meant more than 30 million transactions vanished,” Amouzegar said.
Sepah’s full recovery took until June 27, during which time Samsonite processed more than 60 million transactions.
“The cyber war ended three days after the ceasefire,” he added. “But recovery will take months. What I’ve shared here is only a fragment of the story.”
therecord.media - Novabev Group, the Russian maker of Beluga Vodka and other brands, had to stop shipments and temporarily close stores in its WineLab subsidiary after a ransomware attack.
More than 2,000 WineLab liquor stores across Russia have remained shut for three days following a ransomware attack on their parent company, one of Russia’s largest alcohol producers. Signs on WineLab doors said the stores were closed due to “technical issues.”
The attack crippled parts of the Novabev Group’s infrastructure, affecting WineLab’s point-of-sale systems and online services. The company confirmed that the attackers had demanded a ransom but said it refused to negotiate.
“The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands,” Novabev Group said in a statement on Wednesday. There is no indication so far that customer data has been compromised, though an investigation is ongoing, the company added.
The identity of the attackers remains unknown. No ransomware group has claimed responsibility for the incident, and Novabev has not publicly attributed the attack.
Novabev Group is a major Russian producer and distributor of spirits, including the Beluga and Belenkaya vodka brands.
The cyberattack has halted product shipments from Novabev for at least two days, according to local retailers quoted by Russian media outlet Vedomosti. Customers also reported being unable to pick up orders from retail locations or parcel lockers, with customer service offering to extend storage periods for online purchases.
WineLab’s stores are currently closed in major cities, including Moscow, St. Petersburg and surrounding regions, according to location data from Yandex Maps. Novabev’s website and mobile app also remain offline.
Forbes Russia estimated that each day of downtime could cost WineLab 200 million to 300 million rubles ($2.6 million to $3.8 million) in lost revenue. Cybersecurity experts interviewed by Forbes said they could not recall a comparable case in which a major Russian retail chain was forced to shut down entirely due to a cyberattack.
Novabev said its internal IT team is working “around the clock” with external specialists to restore operations and strengthen defenses against future threats.
kyivindependent.com - The cyberattack allegedly destroyed large volumes of data and installed custom software designed to further damage the company's information systems.
Cyber specialists from Ukraine's military intelligence agency (HUR) carried out a large-scale cyberattack against the network infrastructure of Russian energy giant Gazprom, causing significant disruptions, a HUR source told the Kyiv Independent on July 18.
The Kyiv Independent could not independently verify these claims. Gazprom and Russian authorities have not publicly commented on the reported incident.
The alleged operation took place on July 17 and targeted systems used by Gazprom and its subsidiaries, which Ukraine's intelligence claims are directly involved in supporting Russia's war effort.
Gazprom is Russia's state-owned energy company, one of the world's largest gas producers and exporters.
The cyberattack allegedly destroyed large volumes of data and installed custom software designed to further damage the company's information systems.
"The degradation of Russian information systems to the technological Middle Ages continues," the source within the HUR told the Kyiv Independent.
"We congratulate Russian 'cyber specialists' on this new achievement and recommend they gradually replace their mice and keyboards with hammers and pincers."
