Cyber Incident Victim: Iran

Date: Sep 2022

Location: Iran

Summary

A cyberattack targeted Iran's central banking institution, with Iranian authorities confirming the incident. The attack's nature and specific impacts were not detailed in official statements, but it highlighted ongoing cybersecurity challenges faced by critical financial infrastructure. No group claimed responsibility, and investigations were initiated to assess the breach's scope and origins. The incident underscored vulnerabilities within national financial systems to digital threats.

CIA Posture: Available to members
Motives: 0 motives
Tactics, Techniques & Procedures: 0 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On September 1, 2022, Iranian authorities publicly confirmed a cyberattack targeting the Central Bank of Iran (CBI), marking a significant breach of the country's financial infrastructure. The attack disrupted critical banking services, including online transaction processing and interbank communication systems, causing operational delays across multiple financial institutions. While Iranian officials did not immediately disclose the specific attack vectors, preliminary reports indicated unauthorized access to backend systems responsible for payment clearing and settlement operations. The disruption lasted approximately 72 hours before partial service restoration began, during which banks resorted to manual processing methods. The CBI issued a public statement acknowledging "technical abnormalities" in its systems while assuring customers their funds remained secure despite transactional inconveniences.

Iran's National Center for Cyberspace (NCC) assumed leadership of the incident response, coordinating with the CBI's cybersecurity team to isolate compromised servers and implement emergency patches. Forensic analysis revealed the attackers exploited vulnerabilities in legacy banking software that had not received recent security updates. The NCC publicly attributed the attack to "foreign threat actors" but refrained from naming specific groups or nations. Within days of containment, the CBI restored core banking functions through a combination of system rollbacks and enhanced network segmentation. The incident prompted the Iranian parliament to announce hearings reviewing cybersecurity preparedness across state financial institutions, though no legislative changes resulted immediately. Banking operations normalized fully within two weeks, with the CBI implementing additional monitoring protocols for international transaction gateways.

Sources
Sources available to members
1 source