Nobitex, Iran’s largest cryptocurrency exchange, was the target of a particularly destructive cyberattack. Hackers made off with millions of dollars in stolen cryptocurrency during the attack. Gonjeshke Darande, or Predatory Sparrow, an Iranian cyber-hacking group that is ostensibly pro-Israel, took credit for the attack. The cyberattack took place against the backdrop of rising hostilities between Iran and Israel.
The attack hit Nobitex, an Iranian cryptocurrency exchange that has more than seven million users, according to its claims. According to reports, the stolen cryptocurrency consisted of Bitcoin, Ethereum and Doge. The stolen crypto was later funneled to wallets holding anti-Iran propaganda that mention the Islamic Revolutionary Guard Corps (IRGC). These messages included variations of "F—IRGCterrorists".
Previous research revealed ties between Nobitex and IRGC-linked ransomware players. It also uncovered connections to people with deep ties to Ayatollah Ali Khamenei. The IRGC is a major branch of Iran’s military. The United States, United Kingdom, European Union, and Canada have designated the IRGC as a terrorist entity.
Gonjeshke Darande took credit for the cyberattack. The hacking group, which had threatened to release Nobitex’s source code, claimed that the attack was meant to further weaken Iran. IRGC members had used Nobitex’s services.
The cyberattack took place on the same day that Iran and Israel exchanged missile fire for a sixth consecutive day. This timing suggests a possible connection between the cyberattack and the current regional war. The attack against Nobitex further illustrates the increasingly pernicious overlap between cyber warfare and geopolitical tensions in the Middle East.