Iran Pays Millions in Ransom to End Cyberattack on Banks

Iranians at a bank branch in Tehran (IRNA)
Iranians at a bank branch in Tehran (IRNA)
TT
20

Iran Pays Millions in Ransom to End Cyberattack on Banks

Iranians at a bank branch in Tehran (IRNA)
Iranians at a bank branch in Tehran (IRNA)

A massive cyberattack that hit Iran last month threatened the stability of its banking system and forced the country's regime to agree to a ransom deal of millions of dollars, POLITICO reported on Thursday.

The newspaper said an Iranian firm paid at least $3 million in ransom last month to stop an anonymous group of hackers from releasing individual account data from as many as 20 domestic banks in what appears to be the worst cyberattack the country has seen, quoting industry analysts and western officials briefed on the matter.

A group known as IRLeaks, which has a history of hacking Iranian companies, was likely behind the breach, the officials said.

The hackers are said to have initially threatened to sell the data they collected, which included the personal account and credit card data of millions of Iranians, on the dark web unless they received $10 million in cryptocurrency, but later settled on a smaller sum.

Iran’s authoritarian regime pushed for a deal, fearing that word of the data theft would destabilize the country’s already-wobbly financial system, which is under intense strain amid the international sanctions the country faces, the officials said.

Iran never acknowledged the mid-August breach, which forced banks to shut down cash machines across the country.

IRleaks entered the banks’ servers via a company called Tosan, which provides data and other digital services to Iran’s financial sector, the officials said.

Using Tosan, the hackers appear to have siphoned data from both private banks and Iran’s central bank. Of Iran’s 29 active credit institutions, as many as 20 were hit, including the Bank of Industry and Mines and the Post Bank of Iran.

Though the attack was reported at the time by Iran International, an opposition news outlet, neither the suspected hackers nor the ransom demands were disclosed.

Iran’s supreme leader delivered a cryptic message in the wake of the attack, blaming the US and Israel for “spreading fear among our people,” without acknowledging the country’s banks were under assault.

Despite the growing tensions between Iran and both the US and Israel, people familiar with the Iranian banking hack told POLITICO that IRLeaks is affiliated with neither the US nor Israel.



Arrests Made in Türkiye over Calls for Shopping Boycott to Support Istanbul's Imprisoned Mayor

Fine art university students shout slogans as they march past an Expresso Lab coffee bar during a peaceful protest after Istanbul's Mayor Ekrem Imamoglu was arrested and sent to prison, in Istanbul, Türkiye, Thursday, March 27, 2025. (AP Photo/Francisco Seco)
Fine art university students shout slogans as they march past an Expresso Lab coffee bar during a peaceful protest after Istanbul's Mayor Ekrem Imamoglu was arrested and sent to prison, in Istanbul, Türkiye, Thursday, March 27, 2025. (AP Photo/Francisco Seco)
TT
20

Arrests Made in Türkiye over Calls for Shopping Boycott to Support Istanbul's Imprisoned Mayor

Fine art university students shout slogans as they march past an Expresso Lab coffee bar during a peaceful protest after Istanbul's Mayor Ekrem Imamoglu was arrested and sent to prison, in Istanbul, Türkiye, Thursday, March 27, 2025. (AP Photo/Francisco Seco)
Fine art university students shout slogans as they march past an Expresso Lab coffee bar during a peaceful protest after Istanbul's Mayor Ekrem Imamoglu was arrested and sent to prison, in Istanbul, Türkiye, Thursday, March 27, 2025. (AP Photo/Francisco Seco)

Turkish police detained 11 people Thursday for supporting a shopping boycott as part of protests against the imprisonment of President Recep Tayyip Erdogan’s main rival, state-run media reported.

The Istanbul Chief Public Prosecutor’s Office issued arrest warrants for 16 suspects in an investigation into “hatred and discrimination” and “inciting hatred and hostility” among the public, the Anadolu news agency said.

Among the detained was actor Cem Yigit Uzumoglu, who played Sultan Mehmed the Conqueror in the Netflix docuseries “Rise of Empires: Ottoman,” the Actors’ Union said.

The suspects were held over social media posts calling on people to not to spend money on Wednesday and for businesses to shut their doors in solidarity during the daylong boycott, The AP news reported.

Large-scale anti-government protests began last month after the arrest of Istanbul's opposition Mayor Ekrem Imamoglu on corruption charges that critics say are politically motivated. The government insists the judiciary is independent and free of political interference.

Istanbul prosecutors on Tuesday launched a criminal investigation into earlier boycott calls by Imamoglu’s party targeting companies it alleges support the government. In particular, the opposition identified media firms that did not air images of protests in which hundreds of thousands of people flooded the streets to call for Imamoglu’s release and an end to democratic backsliding.

The leader of Imamoglu’s Republican People’s Party, or CHP, issued a warning after authorities blocked social media accounts supporting Wednesday's boycott.

“We know that you have closed hundreds of pages to date,” Ozgur Ozel wrote on X. “If you become a tool for anti-democratic practices today, if you implement access ban demands, think carefully about what this nation will do to you!”

While in prison, Imamoglu has been confirmed as the CHP's presidential candidate. The next election is currently scheduled for 2028 but is likely to take place earlier.

According to the independent ANKA News Agency, some 2,000 people have been detained since Imamoglu was arrested on March 19, with 316 jailed pending trial. Most face charges relating to participating in protests.

Lawyers for imprisoned protesters on Wednesday said many had suffered mistreatment. The government has not responded to the allegations but on Thursday the police issued a statement denying claims that women had been sexually assaulted in custody as “vile slanders.”