Analysis

The Israel-linked hacker group Predatory Sparrow has escalated its cyber operations against Iran, targeting key components of the nation's financial system, including the crypto exchange Nobitex and Sepah Bank. The group claims these entities facilitate sanctions Evasion and terrorist financing for the Iranian regime. Notably, the attack on Nobitex resulted in the reported destruction of over $90 million in cryptocurrency holdings, a distinctive act of burning assets rather than theft, underscoring a politically motivated agenda. Cryptocurrency tracing firm Elliptic corroborated Nobitex's links to sanctioned entities like the IRGC, Hamas, and Houthi rebels, and confirmed the $90 million was moved to 'vanity' addresses, effectively destroying the funds. Sepah Bank experienced website disruptions and alleged total data destruction, which, according to cybersecurity researcher Hamid Kashfi, led to significant collateral damage, with online banking and ATMs remaining offline, impacting civilian access to funds. Predatory Sparrow, known for previous highly disruptive attacks such as disabling Iranian gas station payment systems and causing physical damage to a steel mill, is described by Google's threat intelligence chief analyst John Hultquist as a 'very serious and very capable' actor, suggesting a potential for further significant cyberattacks. The shift in focus to Iran's financial sector, whether due to perceived vulnerability or strategic importance, signals an intensification of cyberwarfare with tangible economic and operational consequences.