Sirens Over Tel Aviv After Missiles Launched From Iran
Sirens sounded across Tel Aviv early Wednesday morning as air defense systems intercepted projectiles that were fired at Israel. (Source: Bloomberg)
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
WIRED
34 minutes ago
- WIRED
Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran's Financial System
Jun 18, 2025 10:40 AM After an attack on Iran's Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex. Photograph:The Israel-linked hacker group known as Predatory Sparrow has carried out some of the most disruptive and destructive cyberattacks in history, twice disabling thousands of gas station payment systems across Iran and once even setting a steel mill in the country on fire. Now, in the midst of a new war unfolding between the two countries, they appear to be bent on burning Iran's financial system. Predatory Sparrow, which often goes by its Farsi name, Gonjeshke Darande, in an effort to appear as a homegrown hacktivist organization, announced in a post on on its X account Wednesday that it had targeted the Iranian crypto exchange Nobitex, accusing the exchange of enabling sanctions violation and terrorist financing on behalf of the Iranian regime. According to cryptocurrency tracing firm Elliptic, the hackers destroyed more than $90 million in Nobitex holdings, a rare instance of hackers burning crypto assets rather than stealing them. 'These cyberattacks are the result of Nobitex being a key regime tool for financing terrorism and violating sanctions,' the hackers posted to X. 'Associating with regime terror financing and sanction violation infrastructure puts your assets at risk.' The incident follows another Predatory Sparrow attack on Iran's finance system on Wednesday, in which the same group targeted Iran's Sepah bank, claiming to have destroyed 'all' the bank's data in retaliation for its associations with Iran's Islamic Revolutionary Guard Corps, and posting documents that appeared to show agreements between the bank and the Iranian military. 'Caution: Associating with the regime's instruments for evading sanctions and financing its ballistic missiles and nuclear program is bad for your long-term financial health,' the hackers wrote. 'Who's next?' Sepah Bank's website was offline yesterday but appeared to be working again today. The bank didn't respond to WIRED's request for comment. Nobitex's website was offline today and the company couldn't be reached for comment. As is often in the case in the fog of an unfolding war and its accompanying cyberattacks, what effects Predatory Sparrow's cyberattacks have had remain unclear. In the Nobitex attack, however, blockchain analysis reveals some of the details of Predatory Sparrow's sabotage: According to Elliptic, the eight-figure sum stolen from the exchange was moved to a series of crypto addresses that all started with variations on the phrase 'FuckIRGCterrorists.' Those so-called 'vanity' addresses typically can't be created in any way that offers control or recovery of funds held there, so Elliptic concludes that moving funds to those addresses was instead a pointed method of destroying the money. 'The hackers clearly have political rather than financial motivations,' says Tom Robinson, Elliptic's cofounder. 'The crypto they stole has effectively been burned.' Elliptic also confirmed in its blog post about the attack that crypto tracing shows Nobitex does in fact have links with sanctioned IRGC operatives, Hamas, Yemen's Houthi rebels, and the Palestinian Islamic Jihad group. 'It's also an act of sabotage, by attacking a financial institution that was pivotal in Iran's use of cryptocurrency to evade sanctions,' Robinson says. Predatory Sparrow has long been one of the most aggressive cyberwarfare-focused groups in the world. The hackers, who are widely believed to have links to Israel's military or intelligence agencies, have for years targeted Iran with an intermittent barrage of carefully planned attacks on the country's critical infrastructure. The group has targeted Iran's railways with data-destroying attacks and twice disabled payment systems at thousands of Iranian gas stations, triggering nationwide fuel shortages. In 2022, it carried out perhaps the most physically destructive cyberattack in history, hijacking industrial control systems at the Khouzestan steel mill to cause a massive vat of molten steel to spill onto the floor, setting the plant on fire and nearly burning staff there alive, as shown in the group's own video of the attack posted to its YouTube account. Exactly why Predatory Sparrow has now turned its attention to Iran's financial sector—whether because it sees those financial institutions as the most consequential or merely because its banks and crypto exchanges were vulnerable enough to offer a target of opportunity—remains unclear for now, says John Hultquist, chief analyst on Google's threat intelligence group and a longtime tracker of Predatory Sparrow's attacks. Almost any conflict, he notes, now includes cyberattacks from hacktivists or state-sponsored hackers. But the entry of Predatory Sparrow in particular into this war suggests there may yet be more to come, with serious consequences. 'This actor is very serious and very capable, and that's what separates them from many of the operations that we'll probably see in the coming weeks or months,' Hultquist says. 'A lot of actors are going to make threats. This is one that can follow through on those threats.'
TechCrunch
an hour ago
- TechCrunch
Hackers steal and destroy millions from Iran's largest crypto exchange
Iran's largest crypto exchange, Nobitex, said Wednesday that it was hacked and funds have been drained from its hot wallet. In a statement on its website translated by TechCrunch, Nobitex said it detected unauthorized access to its infrastructure and hot wallet, in which the company stores a portion of its customers' cryptocurrency. The company said it was investigating the incident, and that its website and app would be unavailable for the foreseeable future. Public records show the hackers stole at least $90 million of the company's assets over multiple transactions. Blockchain analysis firm Elliptic said the hackers 'burned' the stolen funds by sending the crypto to inaccessible wallets, effectively taking the money out of circulation. Nobitex has more than 10 million customers, according to an archived copy of Nobitex's website from last week. Pro-Israel hacking group Predatory Sparrow (also known in Farsi as 'Gonjeshke Darande') took credit for the cyberattack. In a post on X, the group said it targeted Nobitex for allegedly financing terrorism for the Iranian regime and evading international sanctions. A day earlier, the hacking group also claimed responsibility for a hack on Iran's Bank Sepah resulting in widespread outages at ATMs across the country. News of the cyberattacks comes as Israel and Iran attack each other's cities. It's not clear who is behind Predatory Sparrow, which first appeared in 2021, but the hacking group has targeted Iranian organizations with destructive cyberattacks in the past, and broadly appears aligned with Israeli interests. Iranian news outlet IRIB said Tuesday that amid the ongoing military conflict, Israel had 'launched a massive cyber war against [Iran's] digital infrastructure to disrupt the process of providing services.'
CNBC
an hour ago
- CNBC
Pro-Israel hackers destroy $90 million in Iran crypto exchange breach, analytics firm says
Iran's largest cryptocurrency exchange, Nobitex, was hacked for more than $90 million Wednesday, according to blockchain analytics firm Elliptic. The funds were drained from platform wallets into addresses bearing anti-government messages explicitly referencing Iran's Islamic Revolutionary Guard Corps, or IRGC, pointing to a politically motivated cyberattack, Elliptic said. Pro-Israel hacking group Gonjeshke Darande, or "Predatory Sparrow," claimed responsibility for the attack and said it would release the exchange's source code. Elliptic said the exchange was offline at the time of its post. Predatory Sparrow also claimed credit for a separate cyberattack on Iran's state-owned Bank Sepah this week. Fighting erupted between Israel and Iran on Friday and the countries have continued to trade missile fire. Iran supreme leader Ayatollah Ali Khamenei threatened the U.S. with "irreparable damage" Wednesday in response to President Donald Trump's demand that the country surrender. Though the stolen assets have not been conclusively attributed to the group, Elliptic noted that the funds were sent to cryptographic addresses the hackers likely cannot control — suggesting the money was intentionally destroyed as a symbolic act rather than stolen for profit. Elliptic's research linked the exchange to Iran's IRGC, a powerful branch of the military designated as a terrorist organization by the United States, United Kingdom, European Union, and Canada. Past investigations have connected the platform to sanctioned IRGC-linked ransomware operatives and individuals close to Khamenei. Blockchain data also shows activity between the Nobitex exchange and wallets associated with Hamas, Palestinian Islamic Jihad, and the Houthis. Elliptic said it's continuing to monitor virtual asset flows tied to Iranian entities and has updated its compliance tools to reflect emerging threats in the region's crypto ecosystem.
