Vanity Wallets and Cyber Sabotage: Inside the Nobitex Hack

September 3, 2025

A high-profile cyberattack campaign that rocked Iran’s financial ecosystem this week may change the face of geopolitical cyberwarfare, according to experts. The assailant? Long suspected of having connections to Israeli intelligence, Predatory Sparrow is a clandestine, well-organized hacker collective.

The group claimed responsibility for two significant attacks: one against Sepah Bank, one of Iran’s most established financial institutions, and the other against Nobitex, the country’s top cryptocurrency exchange.

However, this was not your average cybercrime.

The digital assets at Nobitex were not taken by the attackers. Rather, they destroyed them. Elliptic, a blockchain forensics company, claims that over $90 million in cryptocurrency was purposefully transferred to wallet addresses that were specifically created and marked with derogatory anti-IRGC statements like “FuckIRGCterrorists.” These addresses—often called vanity wallets—are essentially dead ends because money sent to them cannot be recovered.

Elliptic co-founder Tom Robinson stated, “The crypto was burned, not stolen. It’s an uncommon instance where political sabotage triumphs over economic gain.”

On its X account, Predatory Sparrow declared that Nobitex was a “key regime tool” that was utilized to circumvent international sanctions and facilitate the financing of terrorism. They blamed the exchange for purported transactions involving wallets connected to Hamas, Houthi rebels, Palestinian Islamic Jihad, and IRGC agents; Elliptic supported these allegations in their blog post containing blockchain tracing information.

The consequences were immediate. No public statements have been made since Nobitex’s website went down. Iranian cryptocurrency users who used the platform for both trading and storing digital assets have become even more anxious as a result of the silence.

However, the assault on Nobitex was only the start.

Hours later, the same hacker collective claimed to have gained access to Sepah Bank and destroyed all internal bank data. They shared what looked to be internal documents demonstrating agreements between Sepah and components of Iran’s military-industrial complex in order to support their claims.

“Who’s next?” was their menacing warning as their message came to an end.

According to reports from inside Iran, there have been extended outages in Sepah’s ATMs and online banking systems, making it impossible for citizens to access their money or carry out everyday transactions. These statements were corroborated by Iranian cybersecurity researcher Hamid Kashfi, who is based in Sweden. He stated, “This attack has created chaos for everyday Iranians, not just government officials.”

Although Sepah’s website for the general public was momentarily restored, it’s unclear how much damage was done behind the scenes. The timing of the double assault couldn’t have been worse for a nation already experiencing economic strain.

Predatory Sparrow is known for its well-thought-out, powerful attacks. The group has continuously targeted critical systems, from hacking railway displays to causing a fire at a steel mill in 2022 to taking down Iran’s national fuel card system. Their activities frequently involve making videos or documents available to the public, which increases the exposure and psychological impact of their deeds.

Despite presenting itself as an Iranian resistance movement, Predatory Sparrow is not considered grassroots by the majority of cyber analysts. The operational reach, intelligence targeting, and technical know-how point to state-level support, most likely from Israel.

John Hultquist, chief analyst at Google’s Mandiant, stated, “This group is different.” They have the power to cause significant, enduring harm. Additionally, these guys follow through on their threats, in contrast to many other groups.

Nobitex played a crucial role in the regime’s survival as Iran increasingly turned to cryptocurrencies as a means of evading economic sanctions. Similarly, Sepah Bank has long served as a financial conduit for Iran’s military and defense industries, making it more than just another bank.

Predatory Sparrow has struck at the nexus of Iran’s traditional and digital economic might by affecting both.

It is evident from their concluding statement, “Caution: Associating with regime terror financing and sanction violation infrastructure puts your assets at risk,” that this is not the end. It’s merely the most recent phase of a terrifyingly accurate digital war.