Threat analysis by The RabitaNoor (RBTN) Cyber Research Center

Predatory Sparrow's Cyberwar on Iran's Financial System

The goal of this document is to provide technical and strategic analysis of a much larger document, audio, etc.

The document is a product of the RBTN - CYOI Pulpit




Document Summary

The article discusses the cyberattacks by the Israel-linked hacker group Predatory Sparrow on Iran's financial system, specifically targeting Sepah bank and the crypto exchange Nobitex. The group, known for its aggressive tactics, destroyed over $90 million in crypto assets at Nobitex, accusing it of enabling sanctions violations and terrorist financing. The attacks have caused significant disruption, with Sepah's online banking and ATMs offline, affecting civilians' access to funds. Predatory Sparrow's actions are politically motivated, aiming to sabotage Iran's financial infrastructure. The group has a history of targeting Iran's critical infrastructure, including gas stations and steel mills. The article includes insights from cybersecurity experts and highlights the potential for further cyber operations in the ongoing conflict.

Analysis

Overview

Timestamp: 2025-06-18

Title: Predatory Sparrow's Cyberwar on Iran's Financial System

Severity: High

The Predatory Sparrow group, linked to Israel, executed a politically motivated cyberattack on Iran's financial system, targeting Sepah bank and Nobitex crypto exchange. Their capabilities include advanced data destruction techniques, and their infrastructure targets financial institutions. The victims are primarily Iranian financial entities, with significant impact on their operations.

Adversary

Adversary: Predatory Sparrow, an Israel-linked hacker group known for aggressive cyberwarfare tactics.

Motivation: Political, targeting Iran's financial infrastructure to disrupt and sabotage.

Sophistication: High, with capabilities to execute complex and destructive cyberattacks.

TTPs:

Capability

Capability: Advanced cyber capabilities to execute destructive attacks on financial systems.

Tools: Custom scripts for crypto asset destruction.

Evasion: Use of vanity addresses to destroy crypto assets.

Infrastructure

Description: Targeted Iranian financial institutions and crypto exchanges.

Victim Profile

Targets: Iranian financial institutions, specifically Sepah bank and Nobitex crypto exchange.

Industry: Financial

Assets: Crypto assets, financial data.

Data at Risk: Financial data, crypto holdings.

Impact: High, with widespread disruption to financial services.
