Codebreakers attack on Bank Sepah
The Codebreakers attack on Iranian Bank Sepah was a major cyber intrusion publicly disclosed in March 2025. A hacker collective known as "Codebreakers" claimed responsibility for breaching Sepah Bank, one of Iran's oldest and most strategically significant financial institutions. The group alleged it had accessed over 42 million customer records, including sensitive financial data. The incident followed the IRLeaks attack in 2024 and the cyber attack on the Melli Bank in 2021. It exposed the vulnerabilities of Iran's financial infrastructure and drew widespread criticism of the bank and of its affluent customers from the military and government sectors.
The bank initially responded with a complete denial of the breach, while simultaneously warning local media against publishing the leaked data and threatening legal prosecution. The hacker group responded by partially exposing the leaked information, including the financial data of senior Iranian officials and IRGC officers with billions of Iranian Tomans in their accounts. Set against the rampant poverty in Iran, the incident triggered widespread criticism of the officials and the regime on social media, and the bank's handling of the incident was mocked.
Background
Bank Sepah, established in 1925,[1] is Iran's oldest national bank still in operation[2] and is the fourth largest state-owned bank in the country.[3][4] It has over 1700 branches in Iran, three additional branches in Rome, Paris and Frankfurt, and a wholly owned subsidiary in London.[5] Bank Sepah was originally founded to provide financial services to military personnel, and in 2020 a number of military banks were merged into it as part of a broader restructuring program to consolidate all military financial institutions under one state-run entity.[6][2] It has long played a central role in financing military and defense-related projects, particularly Iran's pursuit of missiles and weapons of mass destruction,[7] facilitating numerous transactions for the procurement of missile components from China and from Korea Mining and Development Trading Corporation (KOMID), North Korea's primary ballistic missile exporter.[3][4][8] As a result, the bank has been under US, EU, and UN sanctions for its involvement in proliferating weapons of mass destruction technologies, including support to entities such as Iran's Aerospace Industries Organization (AIO), which oversees all of Iran's missile industries; Shahid Hemmat Industrial Group (SHIG), responsible for Iran's ballistic missile program; and Shahid Bakeri Industries Group (SBIG), involved in the development of missile systems capable of carrying chemical warheads.[4] The 2025 cyber attack on Bank Sepah follows other similar attacks, such as the 2024 IRLeaks attack, for which the Iranian government paid millions of dollars in ransom to prevent the release of customer data, and the 2021 attack on Melli Bank, in which data exposure was not prevented.[2]
The breach
In early March 2025, the hacker group Codebreakers posted a message on Telegram and other social platforms claiming they had infiltrated Bank Sepah's systems and extracted vast amounts of data.[9][10] They alleged access to more than 12 terabytes of confidential data belonging to more than 42 million individuals, including account numbers, passwords, mobile phone numbers, residential addresses, bank transaction histories, and information related to military personnel.[9][11] The group stated that they had offered the bank a 72-hour window for negotiations to prevent the disclosure of the information, demanding $42 million in Bitcoin, which the bank refused to pay.[12]
Official denial and social media response
Initially, Sepah Bank denied all claims that its security systems had been breached. The head of the bank's Public Relations Department, Reza Hamedanchi, stated that the bank's systems worked on closed networks with no connection to the internet, and that "Sepah Bank's systems are unhackable and impenetrable".[13] However, the bank warned media and citizens against republishing the information obtained by the hackers and threatened legal action against those who did.[14] The threats were issued on the grounds of the bank's "position with the armed forces" and the importance of "confidentiality of information related to the country's military and security institutions".[14]
In response to the bank's denial and its "indifference to the security breach", the Codebreakers group released images of the banking data belonging to the head of public relations at Bank Sepah, Reza Hamedanchi, as well as the private banking data of 20 thousand individuals, including high-profile civilian and military customers.[15] Among those whose private information and account details were exposed are Abbas Golmohammadi, former Deputy Director of Exploration at the Geological and Mineral Exploration Organization of the country and Deputy Director of Planning and Development of the Sangan Iron Ore Complex, with an account of 768 billion Tomans; General Hassan Palarak, former senior commander of the Revolutionary Guards Quds force,[16] a supporter of pro-Islamic Republic militias in the region and a close associate of Qassem Soleimani, with a value of 634 billion Tomans ($6.12M at the open market rate);[2] and Alireza Arash, a member of the board of directors of Henkel Pakwash, a subsidiary of the German multinational chemical company Henkel, with an account of 408 billion Tomans.[12] Other notable individuals whose details were exposed are Mohammad Baradaran, a board member of Ghadir Investment Company; Kazem Ghalamchi, founder of Ghalamchi Educational Institute; and Rasoul Sirati, CEO of Tik, a military affiliate company reportedly involved in missile and drone technology.[17][12]
The leaked information and the bank's response to the attack triggered a wave of criticism online, with Iranian citizens raising questions on how such large sums of money can be held by only a few individuals, while the general public struggles with financial difficulties.[2] Ali Sharifizarchi, an academic with a large following on Twitter/X, focussed particularly on Palarak, questioning how his wealth is justified in light of the widespread economic crisis.[2] Investigative journalist Yashar Soltani stated that the exposed data explains why Iranian citizens support the sanctions against Iran and demand financial transparency.[2] Conservative journalist Ali Gholhaki, as well as other users of social media, have mocked the bank for threatening legal action while simultaneously denying there had been any data breach.[2]
See also
- Bank Sepah
- IRLeaks attack on Iranian banks
- Iranian cyberwarfare
- Sanctions against Iran
- Banking and insurance in Iran
- List of cyberattacks
References
1. "Bank Sepah | Iran Watch". www.iranwatch.org. Retrieved 2025-04-02.
2. "Claimed hacking of Iran's oldest bank raises questions about motives". Amwaj.media. Retrieved 2025-04-03.
3. "Bank Sepah". The Nuclear Threat Initiative. Retrieved 2025-04-02.
4. "Iran's Bank Sepah Designated by Treasury Sepah Facilitating Iran's Weapons Program | U.S. Department of the Treasury".
5. "Bank Sepah | Iran Watch". www.iranwatch.org. Retrieved 2025-04-02.
6. "Crisis Leads Iranian Armed Forces Banks To Be Merged Into Bank Sepah". Radio Free Europe / Radio Liberty. 2019-03-03. Retrieved 2025-04-03.
7. "Iran's Bank Sepah Designated as a Facilitator of Iran's Weapons Programs | Iran Watch". www.iranwatch.org. Retrieved 2025-04-02.
8. "Bank Sepah | Iran Watch". www.iranwatch.org. Retrieved 2025-04-02.
9. "تهدید هکرها و انکار بانک؛ افشای فهرست میلیاردرهای سرشناس در بانک سپه" [Hackers' threat and the bank's denial: disclosure of the list of prominent billionaires at Bank Sepah]. Independent Persian (in Persian). 2025-03-30. Retrieved 2025-04-02.
10. "Hackers Claim Access to 42 Million Sepah Bank Records, Bank Denies Breach". iranwire.com. Retrieved 2025-04-02.
11. "Hackers Claim Access to 42 Million Sepah Bank Records, Bank Denies Breach". iranwire.com. Retrieved 2025-04-02.
12. "تهدید هکرها و انکار بانک؛ افشای فهرست میلیاردرهای سرشناس در بانک سپه" [Hackers' threat and the bank's denial: disclosure of the list of prominent billionaires at Bank Sepah]. Independent Persian (in Persian). 2025-03-30. Retrieved 2025-04-02.
13. "Hackers Claim Access to 42 Million Sepah Bank Records, Bank Denies Breach".
14. Radio Farda (2025-03-31). "دربارهٔ «هک» اطلاعات مشتریان بانک سپه چه میدانیم؟" [What do we know about the "hack" of Bank Sepah customer information?]. Radio Farda (in Persian). Retrieved 2025-04-02.
15. "Hackers Claim Access to 42 Million Sepah Bank Records, Bank Denies Breach". iranwire.com. Retrieved 2025-04-02.
16. Radio Farda (2025-03-31). "دربارهٔ «هک» اطلاعات مشتریان بانک سپه چه میدانیم؟" [What do we know about the "hack" of Bank Sepah customer information?]. Radio Farda (in Persian). Retrieved 2025-04-02.
17. Iran International Newsroom (2023-06-29). "Latest Company Involved In Iran's Drone Program Revealed". www.iranintl.com. Retrieved 2025-04-03.