SOCRadar® Cyber Intelligence Inc. | Collective Cyber Attacks by Hacktivists: What’s Going on in Iran?


Oct 20, 2022

Collective Cyber Attacks by Hacktivists: What’s Going on in Iran?

Iran is the target of a massive hacktivist campaign that began recently and is still ongoing. The protests, which began following the death of a young Iranian woman named Mahsa Amini, have echoed in the digital world.

Mahsa Amini was detained on September 13 by the Iranian morality police. While in detention, she went into a coma on the same day and was taken to the hospital. On September 16, she died in Tehran Hospital.

Iranian authorities announced that Mahsa died after a heart attack. However, her family and some Iranians blamed the police for her death.

The protests started after the death of Mahsa Amini and spread to many cities, especially in the country’s western part, after her funeral in Saqqez on September 17.

The protests, which resulted in violent clashes between demonstrators and security forces, brought digital restrictions

According to information obtained from the internet monitoring service NetBlocks, there was a complete blackout of internet service in some areas of western Iran on September 19. Just after that, there were partial blackouts in Tehran and other cities.

NetBlocks reported that the Iran authorities banned Internet services in some areas.

Anonymous in the Iran Protests 

On September 21, the two popular social media platforms permitted in the country, Instagram and WhatsApp, were restricted. Online platform restrictions were later expanded to include LinkedIn and Skype.

In the meantime, the Anonymous collective launched the #OPIRAN campaign against the Iranian government to support the protesters. They invited threat actors for DDoS attacks on Iranian websites, data theft, and the public release of stolen data.

Anonymous invited threat actors for attacks on Iran

Members of the Anonymous collective targeted the websites of the Iranian government and regime supporters. They claimed to have attacked the presidential website, the official website of Ali Khamenei, the national government portal of Iran, the government spokesman's office, the Ministry of Cooperation, the Ministry of Labor and Social Welfare, the Ministry of Petroleum, the Ministry of Economic Affairs and Finance, the Iranian intelligence and police websites, the Islamic City Council of Tehran, the Iran Center for e-Commerce Development, the Iran Central Bank, the National Bank of Iran (Bank Mellat), Malek Ashtar University of Technology, Sharif University of Technology, Fars News, and the Iranian State Media Agency (IRIB News Agency).

In addition, they defaced the website of Iran’s Forensic Research Center and claimed that a 100 MB SQL database was breached. The Anonymous group also claimed that they attacked the Iranian Assembly and that its data, such as the phone numbers of Iranian parliament members, was leaked.

The Anonymous collective announced the seizure of several CCTV and web-connected surveillance cameras.

Furthermore, the Anonymous collective hacked the Iranian Teachers Fund database and sent an email to all members inviting them to strike in support of citizens.

Iran Teachers Fund hack

You can follow these accounts for ongoing activities:

Twitter: KromSecvalkanestorHugoCypherParrattarnaYourAnonOneanonymousopiranYourAnonVNPC

Telegram: Anonymous OpIranKromSec🏴‍☠️DDoS EMPIRE🏴‍☠️

Support Against Internet Restrictions

While the protests are going on, some institutions and well-known figures have stood by the Iranian people. Elon Musk, CEO of SpaceX, is one of them.

Elon Musk declared his support for protesters in Iran

The Tor Project has also published a user guide for Iranians to connect to the Tor Network to avoid restrictions and censorship imposed by the Iranian government.

The messaging application Signal also announced that it was blocked in Iran and published a guide on “how to reconnect to Signal by hosting a proxy server” for Iranians who want to use the app.

Recent Situation on Protests

Street demonstrations in Iran are still going strong, and there is still a lot of tension between the protesters and the security forces. The number of protesters being detained, hurt, and killed is rising because of this chaos. As seen below, news about one young woman in particular, Sarina Esmailzadeh, who lost her life, echoed across social media.

Sarina Esmailzadeh lost her life in the conflict between protesters and the Iran government

Lessons Learnt from the Incident 

Hacktivist groups frequently act with ideological motivations and seek to change the current system. Will the largest hacktivist collective, Anonymous, step up its actions so that the current political atmosphere in Iran can change in favor of the revolution that the protesters desire? Will they switch from their preferred DDoS attacks to more sophisticated attacks? How long will these attacks last, and which crucial institutions and organizations will be targeted? The future will reveal all the answers.

Iranian street demonstrations are reminiscent of the Arab Spring, which began in Tunisia at the end of 2010 and spread to many other nations. The events, which started with a Tunisian youth setting himself on fire in protest, evolved and expanded along with the Arab people’s demands for democracy, freedom, and human rights. Protests continued with armed conflicts. 

A single personal act of protest in the Arab Spring took on a mass character and spread from nation to nation via social media. People use social media to organize demonstrations and facilitate communication. Social media has helped to blur borders and create a shared consciousness. Its influence forces repressive regimes to impose restrictions on it. However, it is not easy to maintain internet censorship for an extended period. Technologies like Tor and VPNs (Virtual Private Networks) can bypass such restrictions and censorship.

On the other hand, the digital world is not only a platform where individuals can fight for their rights but also a hub for many cyber criminals. Known traditional methods cannot control underground hacking groups, and cyber threat intelligence is one of the effective weapons against them. Countries can improve their cyber security postures by taking proactive measures with the help of CTI (Cyber Threat Intelligence) solutions.