Cyber Incident Victim: Iran

Date: Sep 2022

Location: Iran

Summary

A cyberattack targeted Iran's central bank, compromising systems and disrupting financial operations. Authorities confirmed the breach but did not disclose the attackers' identity or specific impacted services. The incident highlighted vulnerabilities in critical financial infrastructure, though officials provided limited details on the extent of damage or recovery measures. While the attack caused temporary operational disturbances, no further public statements elaborated on data compromises or long-term consequences for banking stability.

Description

On September 1, 2022, Iranian authorities confirmed a cyberattack targeting the Central Bank of Iran (CBI), disrupting financial services in Tehran and other regions. The attack impacted online banking platforms and ATM networks, causing widespread transaction failures and service outages for customers. Initial reports indicated unauthorized access to banking infrastructure, though the full technical scope remained under investigation. A hacktivist group calling itself "Adalat Ali" (Justice of Ali) claimed responsibility, alleging it had exfiltrated sensitive customer data, including account details and transaction records. The disruption persisted for multiple days, affecting interbank payment systems and delaying salary disbursements for some government employees. The CBI issued public advisories urging customers to avoid digital transactions until services stabilized, while branch offices experienced increased foot traffic due to the online outages.

Iran’s National Center for Cyberspace (NCC) acknowledged the incident and initiated a coordinated response with the CBI’s internal cybersecurity team. Forensic analysis revealed compromised servers hosting customer databases, though officials did not confirm the extent of data theft. Emergency patches were deployed to isolate affected systems, and backup servers were activated to restore limited functionality within 72 hours. The NCC attributed the attack to "foreign-based actors" but withheld technical attribution details. Service recovery remained partial for over a week, with lingering ATM cash withdrawal limits and delayed interbank transfers. The incident prompted temporary suspensions of international payment processing via Iranian banks, exacerbating economic strain amid existing sanctions. Public statements emphasized ongoing investigations but disclosed no further specifics regarding attacker methodologies or confirmed data breaches.
