iranintl.com - A cyberattack during the 12-day Iran-Israel war destroyed banking data at major Iranian banks Sepah and Pasargad, halting services nationwide and triggering a high-stakes emergency response by an Iranian banking software firm, a senior engineer said.
“Nothing was accessible. Nothing was visible,” wrote Hamidreza Amouzegar, deputy head of product development at the software firm Dotin, in a LinkedIn post recounting the June 17 breach.
“We tried the backup site—same story there.”
The internet banking, mobile banking, and ATMs of the two banks remained largely non-functional until recently.
Dotin, a major provider of digital systems to Iranian banks, found itself at the center of the crisis.
“Sepah Bank’s primary data center had gone dark, with monitoring dashboards frozen and all stored data apparently corrupted,” he added.
When engineers attempted to switch over to the disaster recovery site, they found that it too had failed, with matching damage reported.
“At that point, the priority was no longer identifying the culprit or mapping the technical details,” Amouzegar wrote. “It was about getting public banking services back online—fast.”
To that end, he wrote, teams turned to Samsonite, a portable data center in a suitcase developed by Dotin following service disruptions in 2022. The system was designed to provide core banking functions—particularly card transactions—for short periods without reliance on the main network.
Nobitex, Iran’s largest cryptocurrency exchange, had also confirmed cyberattacks against its systems during the war.
The pro-Israel hacker group Predatory Sparrow, known for prior cyberattacks on Iran’s fuel infrastructure, claimed responsibility for "paralyzing" Sepah Bank and draining more than $90 million from Nobitex.
Sepah Bank is responsible for processing the payments of military personnel.
Pasargad Bank had already deployed Samsonite, allowing it to restore limited services by the early hours of June 19. Sepah, which had not yet installed the system, remained offline longer, Amouzegar added.
Basic card functionality there was only restored by June 20 after a full system rebuild from partial offline backups, he wrote.
“For a bank processing over a billion transactions monthly, losing just one day meant more than 30 million transactions vanished,” Amouzegar said.
Sepah’s full recovery took until June 27, during which time Samsonite processed more than 60 million transactions.
“The cyber war ended three days after the ceasefire,” he added. “But recovery will take months. What I’ve shared here is only a fragment of the story.”
