Pro-Israel Hacking Collective Claims to Target Iran’s Bank Sepah

Cyber Disruption Strikes Iran’s Major Bank Amid Escalating Israel-Iran Tensions

A pro-Israel hacking group has purportedly disrupted operations at Iran’s largest bank, Bank Sepah, amid intensifying hostilities between Israel and Iran, which are now into their fifth day. This incident highlights the intersection of cyber warfare and geopolitical conflict, drawing attention to the vulnerabilities of financial institutions.

The hacking collective, known as Gonjeshke Darande—translated as Predatory Sparrow—claimed responsibility for the attack on social media platform X. In its post, the group asserted that it collaborated with Iranian nationals to execute cyberattacks that compromised the data and infrastructure of Bank Sepah, which is government-owned and based in Tehran.

While the group’s claim has not been independently verified, reports indicate that access to Bank Sepah’s online services was disrupted on June 17, 2025. The private Iranian news agency Fararu confirmed that the bank’s infrastructure was impacted, leading to significant service outages. Customers reported difficulties withdrawing money from ATMs, and the disruption affected not only banking services but also gas stations that rely on the bank’s infrastructure for payment processing.

Bank Sepah, which oversees 1,800 domestic branches along with additional locations in Frankfurt, Paris, and Rome, has faced scrutiny in the past. Specifically, U.S. sanctions imposed in 2007 labeled the bank as a key financial entity supporting Iran’s missile programs. In 2016, sanctions were lifted as part of a broader international agreement aimed at curtailing Iran’s nuclear ambitions, only to be reinstated by the Trump administration in 2018 due to concerns regarding Iran’s regional behavior.

Predatory Sparrow’s post described Bank Sepah as a financial enabler for the Iranian regime’s military ambitions, asserting that the institution facilitated the financing of terrorist proxies and ballistic missile development. This claim underscores the significant role that international sanctions and cyber operations play in current geopolitical tensions.

Cybersecurity experts note that accusations from hacktivist groups are prevalent during regional conflicts, and while many claims may lack substantiation, the rapid attribution of responsibility for the disruptions suggests a sophisticated operational capability. The potential tactics employed in this attack could be mapped to the MITRE ATT&CK framework, particularly in areas such as initial access and operational disruption.

The group is noted for previous cyber activities against Iranian entities, which include attacks that led to substantial disruptions in Iran’s fuel supply and manufacturing infrastructure. The exact state sponsorship of Predatory Sparrow remains ambiguous, though its actions appear to be strategically timed with the ongoing violence between Israel and Iran, further complicating the conflict landscape.

This attack serves as a stark reminder to business owners of the cyber threats posed by state-sponsored groups and hacktivists. It underlines the need for robust cybersecurity measures and for preparedness against both direct attacks and the wider effects of geopolitical tensions on the cyber threat landscape.

In summary, the situation not only underscores the capabilities of cyber actors but also illustrates the ramifications of geopolitical strife extending into the digital domain, making it imperative for organizations to reassess their cybersecurity strategies in light of evolving threats.
