Hacktivists leak videos of abuse in Iran Evin prison

A hacktivist group going by the name of Adalat Ali (Ali's Justice) has breached the internal CCTV system at Evin, a prison complex in Tehran where Iran houses most of its political prisoners, and leaked videos showing extensive prisoner abuse.

The videos were shared on Sunday with reporters from Radio Farda (Radio Free Europe)Iran International, and the Associated Press.


Timestamped to 2020 and 2021, the videos show Evin guards beating prisoners, prisoners attempting to commit suicide, or prisoners passing out and being dragged across hallways.

Fellow Iranian hacktivist group Tapandegan (Palpitations) has also helped promote the leaked videos, but they denied being involved in the operation, giving credit to the newer Aladat Ali faction.

Iranian officials did not deny the abuses portrayed in the leaked videos.

In statements shared on Twitter, Mohammad Jafar Montazeri, Iran's Attorney-General and the leader of Iran's judiciary, announced a formal investigation.

Mohammad Mehdi Haj-Mohammadi, head of Iran's prisons organizations, also formally took responsibility for the abuse at the prison complex and announced a similar investigation.

Evin Prison is known for human rights abuses against both male and female inmates, according to multiple past reports.

Evin hack took place months before but was never made public

But prior to the Adalat Ali leaks, the Iranian government also did not publicly disclose the hack, which the hackers said took place months before.

Details of what took place inside the prison's IT network are still unclear.

A video shared by the hackers themselves also shows the exact moment when they took over computers inside the prison's control room, rebooted systems, and blocked the hacked systems with the following message, that reads:


However, it is unclear from the video if the hackers also wiped systems and crippled the prison's IT network as well.

Over the past few months, Iranian organizations have been the targets of several destructive cyberattacks, such as the attack that crippled Iran's national railway system in July 2021 and an attack that blocked operations at the port of Bandar Abbas, the country's largest port in the Strait of Hormuz, in May 2020.

In a report published earlier this month, Israeli security firm Check Point linked the attack on Iran's railway to a hacktivist group they had been tracking as Indra.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.