Pro-Israel hackers claim breach of Iranian bank amid military escalation

A hacking group known as Predatory Sparrow, believed to be linked to Israel, has claimed responsibility for a cyberattack on an Iranian bank, saying it was retaliation for the institution’s alleged role in financing Iran’s military and nuclear programs.

The attack on Bank Sepah early Tuesday reportedly disrupted customer services, causing problems with account access, withdrawals, and card payments, according to local media outlets linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). 

The disruption may also have affected Iran’s gas stations, which rely on the bank to process transactions. The news comes as Iranians fled Tehran overnight over fears that the current conflict would escalate.

Several Bank Sepah branches were closed following the cyberattack, local reports said, and some government employees and security personnel allegedly experienced delays in receiving their salaries. Recorded Future News could not independently verify these claims. 

In a statement on X, the hackers said they had destroyed the bank’s infrastructure with help from “brave Iranians,” adding: “This is what happens to institutions dedicated to maintaining the dictator’s terrorist fantasies.”

The attack follows Israeli airstrikes on Iranian nuclear facilities and infrastructure, and retaliatory strikes by Iran on Israeli targets. Security experts say the conflict has expanded into cyberspace, prompting operations by state-backed hackers and affiliated hacktivist groups.

Predatory Sparrow — also known by its Persian name, Gonjeshke Darande — is widely believed to be linked to Israeli military intelligence. The group has previously claimed responsibility for high-profile cyberattacks targeting Iran’s state-owned steel company, gas stations, and fuel distribution systems.

Neither Iranian officials nor Bank Sepah have commented publicly on the group’s latest alleged attack. Bank Sepah was sanctioned by the U.S. in 2007 for allegedly helping Iran develop missiles capable of carrying nuclear warheads — an accusation it denies.

Although Israel does not officially acknowledge conducting offensive cyber operations, multiple high-impact cyber incidents targeting Iran’s fuel infrastructure, railways and industrial facilities have been attributed to Israeli state-linked groups, Tel Aviv-based cybersecurity firm Radware said in a report last week.

Following Israel’s strikes, Radware also observed increased activity from pro-Iranian threat actors on public and private Telegram channels. These groups reportedly discussed operations including a cyberattack on Israel’s public emergency alert system, which warns civilians of incoming missile threats.

Some pro-Iran groups have also issued warnings to neighboring countries, including Jordan and Saudi Arabia, cautioning that support for Israel could lead to cyberattacks on their national infrastructure.