عربي English Türkçe اردو فارسى
Logo
Latest News
World

Iran Pays Millions in Ransom to End Cyberattack on Banks

Iranians at a bank branch in Tehran (IRNA)
Iranians at a bank branch in Tehran (IRNA)
TT
20
TT

Iran Pays Millions in Ransom to End Cyberattack on Banks

Iranians at a bank branch in Tehran (IRNA)
Iranians at a bank branch in Tehran (IRNA)

A massive cyberattack that hit Iran last month threatened the stability of its banking system and forced the country's regime to agree to a ransom deal of millions of dollars, POLITICO reported on Thursday.

The newspaper said an Iranian firm paid at least $3 million in ransom last month to stop an anonymous group of hackers from releasing individual account data from as many as 20 domestic banks in what appears to be the worst cyberattack the country has seen, quoting industry analysts and western officials briefed on the matter.

A group known as IRLeaks, which has a history of hacking Iranian companies, was likely behind the breach, the officials said.

The hackers are said to have initially threatened to sell the data they collected, which included the personal account and credit card data of millions of Iranians, on the dark web unless they received $10 million in cryptocurrency, but later settled on a smaller sum.

Iran’s authoritarian regime pushed for a deal, fearing that word of the data theft would destabilize the country’s already-wobbly financial system, which is under intense strain amid the international sanctions the country faces, the officials said.

Iran never acknowledged the mid-August breach, which forced banks to shut down cash machines across the country.

IRleaks entered the banks’ servers via a company called Tosan, which provides data and other digital services to Iran’s financial sector, the officials said.

Using Tosan, the hackers appear to have siphoned data from both private banks and Iran’s central bank. Of Iran’s 29 active credit institutions, as many as 20 were hit, including the Bank of Industry and Mines and the Post Bank of Iran.

Though the attack was reported at the time by Iran International, an opposition news outlet, neither the suspected hackers nor the ransom demands were disclosed.

Iran’s supreme leader delivered a cryptic message in the wake of the attack, blaming the US and Israel for “spreading fear among our people,” without acknowledging the country’s banks were under assault.

Despite the growing tensions between Iran and both the US and Israel, people familiar with the Iranian banking hack told POLITICO that IRLeaks is affiliated with neither the US nor Israel.

Most Viewed

 
World

Gabbard Calls Signal Chats a ‘Mistake’ as Trump Officials Face Grilling over Leaked Military Plan

(L-R) Director of the National Security Agency, Gen. Timothy Haugh; FBI Director, Kash Patel; Director of National Intelligence, Tulsi Gabbard; CIA Director, John Ratcliffe; and Director of the Defense Intelligence Agency, Lt. Gen. Jeffrey Kruse testify before a House Permanent Select Committee on Intelligence hearing on "Worldwide Threats," on Capitol Hill in Washington, DC, on March 26, 2025. (AFP)
(L-R) Director of the National Security Agency, Gen. Timothy Haugh; FBI Director, Kash Patel; Director of National Intelligence, Tulsi Gabbard; CIA Director, John Ratcliffe; and Director of the Defense Intelligence Agency, Lt. Gen. Jeffrey Kruse testify before a House Permanent Select Committee on Intelligence hearing on "Worldwide Threats," on Capitol Hill in Washington, DC, on March 26, 2025. (AFP)
TT
20
TT

Gabbard Calls Signal Chats a ‘Mistake’ as Trump Officials Face Grilling over Leaked Military Plan

(L-R) Director of the National Security Agency, Gen. Timothy Haugh; FBI Director, Kash Patel; Director of National Intelligence, Tulsi Gabbard; CIA Director, John Ratcliffe; and Director of the Defense Intelligence Agency, Lt. Gen. Jeffrey Kruse testify before a House Permanent Select Committee on Intelligence hearing on "Worldwide Threats," on Capitol Hill in Washington, DC, on March 26, 2025. (AFP)
(L-R) Director of the National Security Agency, Gen. Timothy Haugh; FBI Director, Kash Patel; Director of National Intelligence, Tulsi Gabbard; CIA Director, John Ratcliffe; and Director of the Defense Intelligence Agency, Lt. Gen. Jeffrey Kruse testify before a House Permanent Select Committee on Intelligence hearing on "Worldwide Threats," on Capitol Hill in Washington, DC, on March 26, 2025. (AFP)

Director of National Intelligence Tulsi Gabbard said Wednesday it was a "mistake" for national security officials to discuss sensitive military plans on a group text chain that also included a journalist — a leak that has roiled President Donald Trump's national security leadership.

Speaking before the House Intelligence Committee, Gabbard said the conversation included "candid and sensitive" information about military strikes against Houthi rebels in Yemen. But as she told senators during testimony on Tuesday, she said the texts did not contain any classified information.

"It was a mistake that a reporter was inadvertently added," Gabbard said.

Wednesday's hearing was called to discuss an updated report on national security threats facing the US Instead, much of the focus was on the text chain, which included Gabbard, CIA Director John Ratcliffe, Secretary of Defense Pete Hegseth, Vice President JD Vance and other top officials.

Jeffrey Goldberg, the editor-in-chief of The Atlantic, was also added, and on Wednesday his publication released more details from the chats, showing the level of detail they offered about the strikes.

Democrats have demanded an investigation into the sloppy communication, saying it may have exposed sensitive military information that could have jeopardized the mission or put US service members at risk.

The National Security Council has said it will investigate the matter, which Trump on Tuesday downplayed as a "glitch." Goldberg said he received the Signal invitation from Mike Waltz, Trump’s national security adviser, who was in the group chat and has taken responsibility for the lapse.

Even though the texts contained detailed information on military actions, Gabbard, Ratcliffe and the White House have all said none of the information was classified — an assertion Democrats flatly rejected on Wednesday.

"You all know that's a lie," Rep. Joaquin Castro, D-Texas, told Ratcliffe and Gabbard, who said that any decisions to classify or declassify military information falls to the secretary of defense.

Several Democrats on the panel said Hegseth should resign because of the leak.

"This is classified information. It’s a weapon system, as well as a sequence of strikes, as well as details of the operations," said Rep. Raja Krishnamoorthi, a Democrat from Illinois. "He needs to resign immediately."

Ratcliffe defended his use of Signal as "appropriate" and said questions over the Signal leak have overshadowed the military operation targeting the Houthis.

"What is most important is that the mission was a remarkable success," he told lawmakers. "That’s what did happen, not what possibly could have happened."

The discussion at times grew heated as Ratcliffe and Democratic lawmakers spoke over one another. At one point, Rep. Jimmy Gomez, an Illinois Democrat, asked whether he knew whether Hegseth was drinking alcohol when he participated in the chat.

"I think that’s an offensive line of questioning," Ratcliffe angrily replied. "The answer is no."

Ratcliffe and Gomez then began shouting over each other as Gomez sought to ask a follow-up question. "We want to know if his performance is compromised," Gomez said.

Wednesday's hearing was called to discuss the intelligence community's annual report on threats to American national security. The report lists China, Russia, Iran and North Korea as strategic adversaries, and notes that drug cartels and transnational criminal organizations pose other threats to Americans.

The presentations from top Trump appointees reflect Trump's foreign policy priorities, including a focus on combating the flow of fentanyl, illegal immigration and human trafficking, and are taking place as Trump attempts to work out a ceasefire between Russia and Ukraine three years after Russia's invasion.