The group even extracted $90 million from cryptocurrency wallets linked to the Revolutionary Guards.
By Hezy Laing
During the recent war with Iran, Israel-linked cyber operatives, widely believed to be affiliated with the IDF’s Unit 8200, carried out an unprecedented cyberattack on Iran’s financial system.
The attack centered on Bank Sepah, Iran’s oldest and largest state-owned bank and a key institution tied to the Islamic Revolutionary Guard Corps (IRGC).
The pro-Israel hacker group Predatory Sparrow (Gonjeshke Darande) claimed responsibility for the attack.
They reportedly wiped out all data from Bank Sepah, disrupting ATMs, online banking, and gas station transactions across Iran.
Predatory Sparrow also extracted $90 million from cryptocurrency wallets linked to the Revolutionary Guards.
The group said it targeted the bank because it was used to evade sanctions and fund missile and nuclear programs.
They called it an “institution dedicated to sustaining the dictator’s terrorist fantasies”.
As a result of the attack, bank branches shut down, and customers were locked out of their accounts.
In addition salary and pension payments for IRGC personnel were halted.
Iran’s fuel distribution network was also affected, causing delays at gas stations nationwide.
All this led to nationwide panic, and a run on all banks ensued.
Iran’s largest commercial bank, Bank Melli, though not attacked, couldn’t meet the demand for cash.
The Iranian rial collapsed, losing 12% of its value after the first day of the war and the Tehran Stock Exchange crashed.
Iran’s cyber directorate responded by banning social media-linked devices for government officials.
The IDF attack marks a shift from traditional cyber espionage to destructive financial warfare.
Analysts say the attack was timed to coincide with IDF airstrikes on Tehran, forming part of a multi-domain offensive.
It’s seen as a digital extension of battlefield operations, aiming to destabilize Iran’s economy and military logistics.
