Cyber Incident Victim: Iran

On or around June 1, 2022, a cyberattack disrupted multiple systems operated by the Tehran Municipality, coinciding with the anniversary of Islamic Republic founder Ruhollah Khomeini’s death. The group "Uprising until Overthrow," affiliated with the exiled opposition organization Mujahedin-e-Khalq (MEK), claimed responsibility for breaching municipal security cameras and defacing the municipality’s website. Attackers replaced the site’s content with a graphic featuring Supreme Leader Ali Khamenei’s face crossed by a red "X," images of MEK leaders Massoud and Maryam Rajavi, and text criticizing Khomeini. The Young Journalists Club reported disruptions to municipal surveillance camera networks, the My Tehran service portal, internal communication systems, and other unspecified infrastructure. Municipal ICT personnel confirmed a "deliberate disruption" temporarily blocked internal system access via an "insulting image," though full functionality was restored within minutes.

Tehran City Council head Mehdi Chamran attributed the attack on June 2 to "detailed planning" by Israel’s Mossad, the MEK (whom Iranian authorities routinely label "hypocrites"), and unspecified "counter-revolutionaries." He asserted the attack’s impact was limited to image defacement due to municipal responders’ efforts, with all systems reactivated by June 2. Council member Ali Asghar Ghaemi publicly apologized for service disruptions and urged municipal officials to address cybersecurity "shortcomings" by acquiring necessary tools, manpower, and equipment to resist future incidents. The incident followed multiple prior cyberattacks against Iranian infrastructure in early 2022, including breaches at Ghezel Hesar and Evin prisons claimed by the Edalat Ali hacker group and an April infrastructure attack thwarted by Iran’s AFTA presidential center. No data theft, prolonged outages, or physical damage were reported in the municipality incident.