Cyber Incident Victim: Fars News Agency

On November 25, 2022, the Iranian state-affiliated Fars News Agency, operated by the Islamic Revolutionary Guard Corps (IRGC), experienced a significant cyberattack claimed by the hacktivist group Black Reward. The group announced it had breached the agency's systems, deleting approximately 250 terabytes of data from servers and computers. This data reportedly included confidential bulletins and directives sent to Supreme Leader Ali Khamenei’s office, recorded phone calls, internal administrative communications, news folders, image archives, and financial documents. Black Reward framed the attack as retaliation against the agency’s role in disseminating state propaganda and targeting anti-government protesters, explicitly linking their actions to the "Woman, Life, Freedom" movement sparked by Mahsa Amini’s death. The group issued warnings to other IRGC affiliates, threatening further disclosures and describing the compromised materials as evidence of the agency’s "black deeds."

Fars News Agency publicly disputed the scale of the breach, asserting that hackers only destroyed information from that day’s operations and that core databases remained intact. Concurrently, Black Reward hacked the Twitter account of Fars manager Habib Torkashvand, posting a video allegedly showing a journalist engaged in an indecent act at the agency’s office, which they claimed was captured by security cameras. The video circulated widely on Iranian social media, with some users identifying the individual as an economic editor at Fars. The agency denied the footage’s authenticity and any connection to its premises. The incident highlighted tensions between state-aligned media and hacktivists amid nationwide protests, with Black Reward leveraging both data destruction and reputational damage to undermine institutional credibility.