Predatory Sparrow Hackers Wage Cyberwar on Iran's Financial Infrastructure, WIRED Reports

Predatory Sparrow, a hacker group tied to Israeli intelligence, crippled Iran's Sepah Bank and Nobitex crypto exchange in major cyberattacks, destroying $90M in assets. WIRED reports link the group’s actions to anti-IRGC efforts amid rising Israel-Iran tensions.

An illustration sample of cybersecurity code typing into the system. (Photo: Reuters)

By Kamaran Aziz

ERBIL (Kurdistan24) — The hacker group known as Predatory Sparrow, widely believed to be linked to Israeli intelligence, has escalated its cyberwarfare campaign against Iran by launching crippling attacks on key components of the country's financial infrastructure, according to a detailed report by WIRED magazine.

The group, which refers to itself in Farsi as Gonjeshke Darande, has claimed responsibility for a series of destructive cyberattacks, including a recent one on Iran's Sepah Bank and the cryptocurrency exchange Nobitex. In its post on X (formerly Twitter), the group alleged that Nobitex had enabled sanctions evasion and terror financing on behalf of the Iranian regime.

WIRED cited the cryptocurrency tracing firm Elliptic, which reported that Predatory Sparrow had destroyed more than $90 million in assets by transferring Nobitex's crypto holdings to blockchain addresses containing anti-IRGC slogans. These "vanity" addresses, typically unrecoverable, effectively burn the funds permanently, confirming what Elliptic's cofounder Tom Robinson called "a political rather than financial motivation."

Sepah Bank was also targeted in what the hackers claimed was total data destruction. Documents allegedly posted by the group appear to reveal ties between the bank and Iran's Islamic Revolutionary Guard Corps (IRGC). The attack sparked widespread disruption to banking services, including the shutdown of online platforms and ATMs. Iranian cybersecurity expert Hamid Kashfi told WIRED that many civilians were unable to access their funds, describing the campaign as "damage and chaos" without distinction between military targets and civilian infrastructure.

The WIRED report contextualized the recent cyberattacks within the broader scope of Predatory Sparrow's aggressive operations. The group previously disabled gas station payment networks across Iran and infamously triggered a catastrophic fire at the Khouzestan steel plant in 2022, considered one of the most destructive cyber-physical attacks to date.

Blockchain analysis by Elliptic, referenced by WIRED, also confirmed Nobitex's connections to entities sanctioned for terrorism, including the IRGC, Hamas, Yemen's Houthis, and the Palestinian Islamic Jihad. "It was an act of sabotage," Robinson noted, as Nobitex had played a key role in Iran's use of cryptocurrency to bypass international sanctions.

The motivations behind the group’s focus on Iran’s financial system remain uncertain, said John Hultquist, a leading threat intelligence analyst at Google's Mandiant unit. However, he emphasized in his remarks to WIRED that Predatory Sparrow is "very serious and very capable" compared to other hacktivist operations, suggesting that this campaign may only be the beginning of more widespread cyber disruptions.

As the Israel-Iran conflict unfolds both on the battlefield and in cyberspace, WIRED's reporting underscores the growing significance of cyberwarfare in shaping geopolitical outcomes—with financial infrastructure now firmly in the crosshairs.

 