Hacks against Iran highlight regime’s vulnerabilities - analysis

The group behind the hacks calls itself Black Reward and recently claimed to have published a mass of documents related to Iran’s nuclear program.

A hacker is being depicted in this illustrative photo (photo credit: Courtesy)

Over the last several days, a series of documents purportedly linked to key institutions in Iran have either been leaked online or distributed surreptitiously to opponents of the regime.

In the latest round of hacks, a demand was issued that Iran must release political prisoners. Earlier this month, a fire broke out at the notorious Evin Prison. Iran, meanwhile, has continued to crack down on widespread protests that have gone on for weeks now.

The group behind the hacks calls itself Black Reward and recently claimed to have published a mass of documents related to Iran’s nuclear program.

According to UK-based Iran International, “The group said Friday it had hacked the email system of Iran’s Nuclear Power Production and Development Company, threatening that it will release the documents if the government does not stop its clampdown on protesters.”

It also said, “A total of 50 GB data was obtained. Black Reward earlier had warned that it will publish the data it has obtained within 24 hours unless the Islamic Republic releases all political prisoners and detained protesters.”

People light a fire during a protest over the death of Mahsa Amini, a woman who died after being arrested by the Islamic republic's "morality police", in Tehran, Iran, September 21, 2022. (credit: WANA (WEST ASIA NEWS AGENCY) VIA REUTERS/FILE PHOTO)

The message, ostensibly from the group, said, “Dear friends and countrymen... as part of the Iranian hacker community, unlike the Western countries, we are not flirting with criminal mullahs, and if we say something, we follow it 100%.”

The group claimed to have Iran’s public as well as private conversations with the International Atomic Energy Agency.

The hackers discussed masses of documents related to nuclear development contracts, construction plans, operational schedules of parts of the Bushehr power complex, identity documents of engineers and other employees in the Iran atomic energy sector, and even passports and visas of Iranian and Russian specialists working at the Bushehr power plant. Russia has played a role at Bushehr for decades.

However, the files that were offered for download as part of the hack had their own issues. According to the hackers, Iran’s communication and information infrastructure already contains malware. The public was warned about this.

Iran has also been the target of other hacks

Circulating reports have said that the “Anonymous” group hacked sites of numerous ministries in Iran and revealed potential money laundering and Iranian financial connections to banks around the world.

The documents published online lack some clarity, though. One of them appears to show an account balance in the amount of 493 billion euros. Another showed a second account, also allegedly worth billions of euros.

The documents raise more questions than they answer, in that there doesn’t seem to have been much investigating beyond people posting a few screenshots of the documents.

Claims saying the documents show that Iran is spending money abroad to support propaganda efforts are interesting, but lack verification.

Nevertheless, the people mentioned in the documents or those who may have worked for the regime or received money from companies linked to Iranian state media might wonder if these hacks will reveal more. Iran’s regime must wonder why its cybersecurity is so vulnerable.

The real message of the leaks, then – and of claims that there could be more hacked Iranian regime documents – is that the regime is vulnerable.

While Iran has increased its own cyberattacks abroad in recent years, it also has its own vulnerabilities. The regime must wonder whether more of its closely guarded secrets will be revealed.

According to what’s been revealed so far, the hacked documents don’t seem to include a major smoking gun.

For a regime that attempts to project strength amid protests and is constantly on guard for enemies and threats, the protests have been a challenge. Tehran’s cyber vulnerabilities must leave the regime wondering whether its efforts over the last 15 years to increase cyberdefenses, and even go on the offense in the cyber world, have come to naught.