Cyber Incident Victim: Statistical Centre of Iran

On May 24, 2016, hackers targeted Iran’s Statistical Centre, temporarily disrupting its website and rendering it out of service. Iran’s cyber police, led by General Kamal Hadianfar, monitored the attack and traced the originating IP addresses to three Arab countries, with Saudi Arabia identified as the primary source. The attackers employed deceptive techniques to breach the center’s systems, though Hadianfar downplayed the technical sophistication of the intrusion. Iranian authorities compiled a detailed report documenting the hackers’ IP addresses and physical locations, which they submitted to Saudi Arabia through Interpol to facilitate legal action against the perpetrators. Initial reports on May 25 speculated about possible involvement by ISIS, but Hadianfar explicitly rejected this, stating the hacker had a prior record and had been identified by Iran’s Cyber Police (FATA).

The attack did not compromise sensitive or classified information, according to Brigadier General Gholam Reza Jalali, head of Iran’s Civil Defence Organization. He characterized the breach as superficial, limited to the "first layer" of defenses, and stated it caused no significant damage. Jalali interpreted the incident as an attempt by Saudi Arabia to demonstrate cyber capabilities rather than inflict substantive harm, aligning it with prior Saudi threats. In response, Iran announced plans to conduct specialized cyber defense war games in subsequent months to strengthen its resilience against future attacks. The Statistical Centre resumed normal operations after temporary disruptions, with no evidence of data exfiltration or persistent network compromise. Iranian officials framed the event as a manageable intrusion while emphasizing proactive measures to deter similar incidents.