Latest news with #Israel-linked


NBC News
2 days ago
Pro-Israel hackers attack Iran's largest crypto exchange, destroying $90 million
An anti-Iranian hacking group with possible ties to Israel announced an attack on one of Iran's largest cryptocurrency exchanges on Wednesday, destroying nearly $90 million and threatening to expose the platform's source code. A group known as Gonjeshke Darande, or 'Predatory Sparrow,' claimed the attack, making it the group's second operation in two days. On Tuesday the group claimed to have destroyed data at Iran's state-owned Bank Sepah amid the increasing hostilities and missile attacks between Israel and Iran. Wednesday's attack targeted Nobitex, one of Iran's largest cryptocurrency exchanges. The platform allegedly helps the Iranian government avoid sanctions and finance illicit operations around the world, the hackers claimed in a message posted to its social media channels early Wednesday. Nobitex's website was unavailable Wednesday. Messages sent to the company's support channel on Telegram were not returned. Gonjeshke Darande did not respond to requests for comment. Nobitex said in a post on X that it had pulled its website and app offline as it reviewed 'unauthorized access' to its systems. Gonjeshke Darande is an established hacking group with a history of sophisticated cyberattacks targeting Iran. A 2021 operation claimed by the group caused widespread gas station outages, while a 2022 attack targeting an Iranian steel mill caused a large fire and tangible, offline damage. Israel has never formally acknowledged that it is behind the group, although Israeli media has widely reported Gonjeshke Darande as 'Israel-linked.' Wednesday's attack started in the early hours of the morning when funds were moved to hacker-controlled wallets denouncing the Islamic Revolutionary Guard Corps (IRGC), according to blockchain analysis firm TRM Labs, which pegged the total theft at about $90 million across multiple types of cryptocurrencies. 
The way the hacker-controlled wallets were created suggests the hackers would not be able to access the stolen money, meaning that the hackers 'effectively burned the funds in order to send Nobitex a political message,' blockchain analysis firm Elliptic said in a blog post. Elliptic's post shared evidence that Nobitex had sent and received funds to cryptocurrency wallets controlled by groups hostile to Israel, including Palestinian Islamic Jihad, Hamas and Yemen's Houthis. Senators Elizabeth Warren and Angus King had raised concerns about Nobitex's role in enabling Iranian sanctions evasion in a May 2024 letter to top Biden administration officials, citing Reuters reporting from 2022. Andrew Fierman, head of national security intelligence with Chainalysis, confirmed in an email to Reuters that the value of the attack was roughly $90 million and that it was most likely geopolitically motivated, given that the money was burned. Chainalysis has 'previously seen IRGC-affiliated ransomware actors leveraging Nobitex to cash out proceeds, and other IRGC proxy groups leveraging the platform,' Fierman said.


NDTV
2 days ago
Iran Crypto Exchange Hit By Hackers, $90 Million Destroyed
An anti-Iranian hacking group with possible ties to Israel announced an attack on one of Iran's largest cryptocurrency exchanges on Wednesday, destroying nearly $90 million and threatening to expose the platform's source code. A group known as Gonjeshke Darande, or "Predatory Sparrow," claimed the attack, making it the group's second operation in two days. On Tuesday the group claimed to have destroyed data at Iran's state-owned Bank Sepah amid the increasing hostilities and missile attacks between Israel and Iran. Wednesday's attack targeted Nobitex, one of Iran's largest cryptocurrency exchanges. The platform allegedly helps the Iranian government avoid sanctions and finance illicit operations around the world, the hackers claimed in a message posted to its social media channels early Wednesday. Nobitex's website was unavailable Wednesday. Messages sent to the company's support channel on Telegram were not returned. Gonjeshke Darande did not respond to requests for comment. Nobitex said in a post on X that it had pulled its website and app offline as it reviewed "unauthorized access" to its systems. Gonjeshke Darande is an established hacking group with a history of sophisticated cyberattacks targeting Iran. A 2021 operation claimed by the group caused widespread gas station outages, while a 2022 attack targeting an Iranian steel mill caused a large fire and tangible, offline damage. Israel has never formally acknowledged that it is behind the group, although Israeli media has widely reported Gonjeshke Darande as "Israel-linked." Wednesday's attack started in the early hours of the morning when funds were moved to hacker-controlled wallets denouncing the Islamic Revolutionary Guard Corps (IRGC), according to blockchain analysis firm TRM Labs, which pegged the total theft at about $90 million across multiple types of cryptocurrencies. 
The way the hacker-controlled wallets were created suggests the hackers would not be able to access the stolen money, meaning that the hackers "effectively burned the funds in order to send Nobitex a political message," blockchain analysis firm Elliptic said in a blog post. Elliptic's post shared evidence that Nobitex had sent and received funds to cryptocurrency wallets controlled by groups hostile to Israel, including Palestinian Islamic Jihad, Hamas and Yemen's Houthis. Senators Elizabeth Warren and Angus King had raised concerns about Nobitex's role in enabling Iranian sanctions evasion in a May 2024 letter to top Biden administration officials, citing Reuters' reporting from 2022. Andrew Fierman, head of national security intelligence with Chainalysis, confirmed in an email to Reuters that the value of the attack was roughly $90 million and that it was likely geopolitically motivated, given that the money was burned. Chainalysis has "previously seen IRGC-affiliated ransomware actors leveraging Nobitex to cash out proceeds, and other IRGC proxy groups leveraging the platform," Fierman said.


The Hill
2 days ago
Pro-Israel group hacks Iran crypto exchange for over $90 million, firm says
An Israel-linked group appears to have hacked Iran's largest crypto exchange, Nobitex, transferring more than $90 million out of crypto wallets, according to the blockchain analytics firm Elliptic. The Israeli hacking group, known as Gonjeshke Darande or Predatory Sparrow, claimed early Wednesday that they had conducted cyberattacks against Nobitex, just one day after claiming responsibility for the hack of a state-owned Iranian bank. The latest hack comes amid increasing tensions between Iran and Israel, as the two sides volley attacks at one another following Tel Aviv's surprise attack on Tehran's nuclear facilities and missile sites last week. The hacked Nobitex funds are currently held by addresses that feature explicit language taking aim at Iran's Islamic Revolutionary Guard Corps (IRGC), underscoring the motivations behind the hack, according to Elliptic. The funds appear to have been effectively destroyed by the hacking group. Elliptic noted it is 'computationally infeasible' to create addresses with such long text strings, meaning the hackers likely do not have the private keys to access the funds. 'It's technically infeasible for them to have the private keys for these addresses, so the funds are lost,' Tom Robinson, co-founder of Elliptic, said in a statement. 'You can create crypto addresses containing specific text, but it becomes exponentially more computationally expensive as the length of the text increases,' he continued. 'This enabled the hacker to send a clear message, but at a very high cost.' The Israeli hacking group said it was targeting Nobitex for facilitating terrorism financing and sanctions evasion. Two IRGC operatives, who have been sanctioned by the U.S. for their ties to ransomware operations, have used the crypto exchange, according to Elliptic. 
The blockchain analytics company has also identified interactions between Nobitex and wallets associated with Hamas, Palestinian Islamic Jihad and the Houthis — all of which are designated as terrorist groups by the U.S. government. The potential for terrorist groups and other sanctioned entities to use crypto exchanges to evade restrictions has long been a concern about the industry. However, crypto advocates often argue it is easier to track and block illegal transactions over the blockchain.


WIRED
3 days ago
Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran's Financial System
Jun 18, 2025 10:40 AM. After an attack on Iran's Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.
The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system. Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violation and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them. 'These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,' the hackers posted to X. 'Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.' The incident follows another Predatory Sparrow attack on Iran's finance system on Wednesday, in which the same group targeted Iran's Sepah bank, claiming to have destroyed 'all' the bank's data in retaliation for its associations with Iran's Islamic Revolutionary Guard Corps, and posting documents that appeared to show agreements between the bank and the Iranian military. 'Caution: Associating with the regime's instruments for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health,' the hackers wrote. 'Who's next?'
Sepah Bank's website was offline yesterday but appeared to be working again today. The bank didn't respond to WIRED's request for comment. Nobitex's website was offline today and the company couldn't be reached for comment. As is often the case in the fog of an unfolding war and its accompanying cyberattacks, what effects Predatory Sparrow's cyberattacks have had remain unclear. In the Nobitex attack, however, blockchain analysis reveals some of the details of Predatory Sparrow's sabotage: According to Elliptic, the eight-figure sum stolen from the exchange was moved to a series of crypto addresses that all started with variations on the phrase 'FuckIRGCterrorists.' Those so-called 'vanity' addresses typically can't be created in any way that offers control or recovery of funds held there, so Elliptic concludes that moving funds to those addresses was instead a pointed method of destroying the money. 'The hackers clearly have political rather than financial motivations,' says Tom Robinson, Elliptic's cofounder. 'The crypto they stole has effectively been burned.' Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen's Houthi rebels, and the Palestinian Islamic Jihad group. 'It's also an act of sabotage, by attacking a financial institution that was pivotal in Iran's use of cryptocurrency to evade sanctions,' Robinson says. Predatory Sparrow has long been one of the most aggressive cyberwarfare-focused groups in the world. The hackers, who are widely believed to have links to Israel's military or intelligence agencies, have for years targeted Iran with an intermittent barrage of carefully planned attacks on the country's critical infrastructure. The group has targeted Iran's railways with data-destroying attacks and twice disabled payment systems at thousands of Iranian gas stations, triggering nationwide fuel shortages.
In 2022, it carried out perhaps the most physically destructive cyberattack in history, hijacking industrial control systems at the Khouzestan steel mill to cause a massive vat of molten steel to spill onto the floor, setting the plant on fire and nearly burning staff there alive, as shown in the group's own video of the attack posted to its YouTube account. Exactly why Predatory Sparrow has now turned its attention to Iran's financial sector—whether because it sees those financial institutions as the most consequential or merely because its banks and crypto exchanges were vulnerable enough to offer a target of opportunity—remains unclear for now, says John Hultquist, chief analyst on Google's threat intelligence group and a longtime tracker of Predatory Sparrow's attacks. Almost any conflict, he notes, now includes cyberattacks from hacktivists or state-sponsored hackers. But the entry of Predatory Sparrow in particular into this war suggests there may yet be more to come, with serious consequences. 'This actor is very serious and very capable, and that's what separates them from many of the operations that we'll probably see in the coming weeks or months,' Hultquist says. 'A lot of actors are going to make threats. This is one that can follow through on those threats.'

First Post
3 days ago
Israeli hackers claim attack on Iran's state-owned bank, critical security websites
An anti-Iranian government hacking group with potential ties to Israel and a track record of destructive cyberattacks on Iran claimed in social media posts on Tuesday that it had destroyed data at Iran's state-owned Bank Sepah. The group — known as Gonjeshke Darande, or 'Predatory Sparrow' — hacked the bank because they accused it of helping fund Iran's military, according to one of the messages posted online. The hack comes amid increasing hostilities between Israel and Iran, after Israel attacked multiple military and nuclear targets in Iran last week. Both sides have launched multiple missile attacks against each other in the days since. Reuters could not immediately verify the attack on Bank Sepah. The bank's website was offline on Tuesday and its London-based subsidiary, Bank Sepah International plc, did not immediately respond to an emailed request for comment. Customers were having problems accessing their accounts, according to Israeli media. Gonjeshke Darande did not respond to multiple messages sent via social media. 'Disrupting the availability of this bank's funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there,' Rob Joyce, the former top cybersecurity official at the NSA, said in a post on X. In 2022, Gonjeshke Darande claimed responsibility for a cyberattack against an Iranian steel production facility. The sophisticated attack caused a large fire at the facility, resulting in tangible, offline damage. Such attacks are usually beyond the capabilities of activist hackers, security experts say, and would be more in line with the capabilities of a nation state.
The group has also been publicly linked by cybersecurity researchers to a 2021 cyberattack that caused widespread outages at gas stations across Iran. Israel has never formally acknowledged that it is behind the group, although Israeli media have widely reported Gonjeshke Darande as 'Israel-linked'.