Just over a year ago, the Islamic Republic of Iran experienced one of its most serious cybersecurity breaches, resulting in the temporary inaccessibility of several government websites and the disruption of power grids, surveillance cameras, and other digital infrastructure. Contrary to what one might have expected, the attacks came not from any of Tehran’s foreign adversaries but rather from a group of anti-government hacktivists known collectively as Gyamsarnegouni, or “Uprising Until Overthrow.”
Cybersecurity researchers discerned the domestic origins of the hack mainly based upon the fact that the operation also saw the release of vast quantities of government documents detailing personnel and financial records, secret strategic communications by regime authorities The leak involved such a tremendous amount of data that it likely would have been impossible to access remotely from outside the Islamic Republic, partly because Iranian internet access is notably slow, with frequent outages, and partially because the systems targeted by the underlying hack were effectively cut off from the global internet.
Our research pointed out that that not only that individuals inside the Islamic Republic carried out the attacks but also that they almost certainly required the participation of figures inside the regime itself, who would have had direct access to the systems in question.
It would be difficult to overstate the damage these attacks have done to Iran’s ruling system by opposition hacktivists alongside finely-honed modern cyber espionage and digital sabotage tools. The damage should be evident from the scale and diversity of Iranian hacktivists’ achievements in recent years, especially in the immediate aftermath of the killing of Mahsa Amini by morality police in September 2022, which sparked an immediate, nationwide uprising that many have called the clerical regime’s greatest challenge in all of its 44 years.
An attack on the Islamic Republic of Iran Broadcasting penetrated highly secure networks, typically isolated from the internet, and allowed hackers to briefly broadcast opposition messaging on state media, including some of the uprising’s defining slogans, like “death to the dictator.” The attack presumably required direct access to the relevant systems, as did a hack of digital infrastructure for the Tehran Municipality, which kept security cameras inoperable for many hours even after the termination of internet connections.
Subsequent data leaks came from several highly secure servers and devices, including those associated with the Presidential Office and with the Foreign Affairs Ministry. The latter yielded around 50 Terabytes of data, signaling penetration into the innermost layers of the regime’s establishment.
Ironically, considering that in recent years,Iran has established itself as a formidable threat to global cybersecurity, even being ranked within the top five by several experts. Just last year, it was determined to be responsible for a devastating attack on Albania. Both before and after the unusually successful attack on Albania, regime-backed hackers have naturally also targeted the United States, Israel, and the Gulf Arab states, demonstrating increasing sophistication along the way.
Beginning in 2020, and in anticipation of retaliatory measures by its powerful targets, Iran’s Ministry of Communications took steps to separate the Iranian intranet from the global internet, migrating most domestic websites to servers located strictly within the borders of the Islamic Republic. But in so doing, the regime unwittingly made itself more vulnerable to domestic hackers while also apparently underestimating the extent of the resources they drew upon from within the regime.
Even more recent developments suggest that Tehran has similarly underestimated the extent of the Iranian people’s commitment to overturning the theocratic dictatorship and the volume of organizational resources they have to draw upon.
The opposition hacktivists no doubt have access or could gain access to a wealth of knowledge about the regime’s repressive strategies, its vulnerabilities, and its efforts to discourage international support of the movement of the Iranian people to establish democracy. One should expect more of that information to come to light in upcoming weeks and months to the ayatollahs’ chagrin and contribute to the pressing debate of the future of the Islamic Republic and correct policy by the West.
Join the conversation as a VIP Member