Iran-Israel conflict spreads to hacks on banks, crypto

Published 9 hours ago · 4 minute read

(June 18): The conflict between Israel and Iran is spilling over into the digital world, inflaming a decades-long campaign of hacks and espionage between two nations renowned for their cyber prowess.

On Tuesday, a pro-Israel hacking group claimed responsibility for a disruptive cyberattack against a major Iranian bank, and Iran’s state-run IRIB News reported that Israel had launched a full-scale cyberattack on the country’s critical infrastructure. Then on Wednesday, the pro-Israel hackers announced a new breach targeting an Iranian crypto exchange.

Iran’s Fars News Agency, affiliated with the Islamic Revolutionary Guard Corps, reported that the country has endured more than 6,700 distributed denial-of-service attacks over the past three days. It said temporary internet restrictions were implemented as a measure to blunt the impact of large-scale cyberattacks. DDoS attacks overwhelm servers with artificial traffic, disrupting access to websites and online services.

Iranians were reporting widespread issues accessing the internet on Tuesday night with many virtual private networks (VPNs) rendered unusable. Customers also reported problems with banking services, including banking machines and online systems. It’s not clear if the problems were the result of cyberattacks or efforts by the government to minimise their impact.

The attacks tied to Israel herald a new front in the escalating Middle East conflict — but the countries’ cyber rivalry spans two decades.

Iran and its regional proxies, such as Hamas, have attempted a wide variety of cyberattacks against Israel in recent years — including information operations, data destruction attacks and phishing campaigns — with mixed results, according to data compiled by Google’s Threat Analysis Group.

Israel is widely considered one of the world’s most advanced and capable countries in launching cyberattacks. An operation called Stuxnet, uncovered in 2010 and tied to the US and Israel, sabotaged hardware believed to be responsible for Iran’s nuclear weapons development. One of the most advanced and impactful hacking operations in history, Stuxnet demonstrates the longstanding centrality of cyber in the Israel-Iran conflict.

Predatory Sparrow’s claims that it hacked Iran’s Bank Sepah and Iranian crypto exchange Nobitex are the latest manifestation of that digital tit-for-tat.

The group is known for launching significant cyberattacks against Iran over the last five years while maintaining the image of a “hacktivist” organisation. Many cybersecurity experts within private industry have suggested Predatory Sparrow is linked to the Israeli government.

Israel’s Ministry for Foreign Affairs didn’t respond to a request for comment. Predatory Sparrow couldn’t be reached for comment.

“Most disruptive and destructive cyberattacks are about influence and psychological impact rather than practical impact,” said John Hultquist, chief analyst at Google’s Threat Intelligence Group. “That’s why a lot of them involve an effort to publicise the incidents which oftentimes includes a fictitious hacktivist front.”

Predatory Sparrow posted on Telegram and X at 4am Tuesday New York time (4pm Malaysia) that it had successfully “destroyed the data” of Bank Sepah, claiming that the institution was used to circumvent international sanctions.

On Wednesday, the group said it had also targeted Nobitex in a separate attack. Prominent crypto sleuth ZachXBT noted in a post on Telegram that he had observed “suspicious outflows” from Nobitex and said that an attacker appeared to have stolen more than US$81 million (RM344.25 million) in cryptocurrencies from the Tehran-based exchange.

Bank Sepah couldn’t be reached for comment. Nobitex said in a statement posted on X that it had detected signs of unauthorised access “specifically affecting internal communication systems and a segment of the hot wallet environment”. The platform said users’ wallet balances would be restored “with no loss or discrepancy”.

Predatory Sparrow has been active since 2021. The group appeared in public when they took credit for destroying data in Iran’s national railway system, resulting in delays around the country. Iran’s Ministry of Roads and Urban Development was hit by hackers around the same time with the same tool designed to destroy computer files.

In other attacks, Predatory Sparrow was blamed for targeting point-of-sale systems at Iranian gas stations, causing a malfunction at Iran’s Khouzestan steel mill that caused molten steel to spill onto the steel plant’s floor and publicising the alleged phone number of Iranian Supreme Leader Ali Khamenei.

The attackers are unique in that there is relatively little technical information about their hacks compared to similar campaigns, according to security experts. Predatory Sparrow’s efforts tend to destroy the technical forensic evidence that analysts need to understand it.

Often, the group has used social media to promote its activity, a tactic that experts say is proof that Predatory Sparrow aims to have a psychological impact. The hack against Bank Sepah came with its own publicity push, with Predatory Sparrow warning that “this is what happens to institutions dedicated to maintaining the dictator’s terrorist fantasies”.

Uploaded by Arion Yeow

Origin: The Edge Malaysia