Iran
| Primary URL | Location | Industry |
|---|---|---|
| Undetermined | Country: Iran | Government - National |
Profile
Iran operates as a sovereign state with governmental authority over critical national infrastructure spanning transportation, energy, finance, public services, and media sectors. Its responsibilities include managing entities such as the Railway Company, National Iranian Oil Company, Central Bank, state television networks, and municipal systems in Tehran, which provide essential public services and maintain economic operations. Its digital footprint encompasses administrative networks, communication platforms, and service delivery systems that support these functions. Cyber incidents have repeatedly disrupted these services, exposing operational dependencies on interconnected digital infrastructure, such as railway scheduling, financial transactions, and public broadcasting.
Persistent cybersecurity vulnerabilities distinguish Iran’s technological landscape, characterized by incidents involving outdated software, insufficient defensive measures, and reliance on unsupported systems. Breaches like the 2022 Tehran municipality attack, which compromised security cameras and defaced websites, and the 2022 central bank intrusion disrupting financial operations, underscore systemic weaknesses in safeguarding critical assets. The 2024 railway network compromise further revealed exposure of sensitive documents, including employee records and operational maps, attributed to inadequate security protocols. State media infrastructure has also been targeted, with hackers hijacking broadcasts to display anti-government messages, reflecting recurring gaps in protecting high-visibility platforms. These incidents align with historical patterns, including the 2015 defacement of Iranian Ministry of Foreign Affairs websites by external hacktivist groups.
Iran’s cybersecurity challenges are compounded by its geopolitical positioning, attracting attacks from ideologically motivated collectives such as Anonymous, pro-Ukraine hacktivists, and groups like Turk Hack Team. Cyber operations against its infrastructure often coincide with political events, including protests over domestic policies like mandatory hijab laws or international actions such as supplying drones to Russia. Authorities have attributed several breaches to foreign actors like Mossad or exiled opposition groups, though internal vulnerabilities remain a consistent factor. The government’s tendency to downplay incident severity—as seen in its response to railway and central bank breaches—contrasts with attackers’ assertions of exposing fundamental security flaws. This dynamic highlights the tension between maintaining public confidence and addressing institutional cybersecurity shortcomings amid evolving threats.
