
Cyber Incident Victim: Mashhad airport

Date:

May 2018

Location:

Iran

Summary

Hackers compromised screens at Mashhad airport in Iran, displaying anti-government messages protesting military activities in Gaza, Lebanon, and Syria. The attackers accused the Islamic Revolution Guards Corps of squandering national resources and lives, accessed the civil aviation head's email to disseminate their demands, and encouraged public sharing of defacement imagery through specific hashtags. The incident aligned with broader domestic unrest stemming from widespread demonstrations that had emerged months earlier, reflecting grievances over foreign military engagements and domestic governance.


Description

On May 24, 2018, hackers targeted Mashhad International Airport in Iran, defacing multiple display screens with anti-government messages protesting Iran’s military policies and regional activities. The attackers replaced standard airport information with political statements criticizing the Islamic Revolution Guards Corps (IRGC) for involvement in conflicts across Gaza, Lebanon, and Syria. Messages composed in Persian explicitly accused the IRGC of squandering Iranian financial resources and endangering citizens’ lives through foreign military engagements. This digital protest coincided with ongoing anti-government demonstrations that had originated in Mashhad in December 2017 before expanding nationwide. The hackers amplified their reach by compromising the email account of Mashhad airport’s civil aviation department head, using this access to distribute their manifesto and encourage wider sharing of the defacement imagery.


The incident disrupted normal airport operations as staff worked to remove the unauthorized content from affected systems. Radio Farda, a U.S.-based Persian-language news outlet, documented the defacement’s explicit references to regional conflicts and domestic grievances. Attackers urged the public to share photos of the hacked screens through social media channels using designated hashtags, leveraging visibility amid preexisting civil unrest. No claims of data exfiltration or secondary cyberattacks beyond the defacement and email compromise were reported. The operation highlighted tensions surrounding Iran’s military expenditures abroad while aligning with nationwide protests criticizing economic mismanagement and governance. Mashhad’s status as Iran’s second-largest city and a focal point for earlier demonstrations amplified the symbolic impact of the breach, though no long-term operational disruptions or security protocol overhauls were publicly confirmed following the incident.
