Cyber Incident Victim: Bank Sepah

On early Tuesday, a hacking group known as Predatory Sparrow, also referred to by its Persian name Gonjeshke Darande, claimed responsibility for a cyberattack on Bank Sepah through a statement posted on the social media platform X. The group asserted that it had destroyed the bank’s infrastructure with the assistance of individuals it described as brave Iranians. They framed the operation as retaliation for the bank’s alleged role in financing Iran’s military and nuclear programs. The claim emerged amid heightened hostilities that included Israeli airstrikes on Iranian nuclear facilities and infrastructure and subsequent retaliatory strikes by Iran on Israeli targets.

According to local media outlets linked to Iran’s Islamic Revolutionary Guard Corps, the attack disrupted customer services at Bank Sepah, causing problems with account access, withdrawals, and card payments. The disruption was reported to have extended to Iran’s gas stations, which rely on the bank to process transactions for fuel purchases. Several Bank Sepah branches were closed following the incident, and some government employees and security personnel allegedly experienced delays in receiving their salaries. Recorded Future News noted that it could not independently verify the hackers’ claims or the reported impacts.

Neither Iranian officials nor Bank Sepah have issued any public comment regarding the alleged attack. Predatory Sparrow has previously claimed responsibility for cyberattacks targeting Iran’s state‑owned steel company, gas stations, and fuel distribution systems. Bank Sepah has been subject to U.S. sanctions since 2007 for accusations of assisting Iran’s missile development, a charge the bank denies. Separate reporting by the cybersecurity firm Radware indicated that, following the Israeli strikes, pro‑Iranian threat actors increased their activity on Telegram channels, discussing potential operations such as a cyberattack on Israel’s public emergency alert system.