View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 5, 2022updated 31 Oct 2022 3:14pm

‘Heart-warming for the revolution’: Hacktivists from Anonymous join Iran protests

Widespread DDoS attacks boost protestors taking to the streets in opposition to the government in Tehran.

By Claudia Glover

Hackers belonging to the online activism collective Anonymous claim to have joined the protests in Iran by carrying out cyberattacks on the database of the Iranian parliament, several national banks and an offshore petrochemical plant, among other targets. An Iranian business owner who spoke to Tech Monitor said the intervention by the hacktivists was welcome, but that more sophisticated cyberattacks would be required to make a greater impact.

Civil unrest has rocked Iran since the death of Mahsa Amini last month. People around the world, including these protestors in Turkey, have lent their support. (Photo by OZAN KOSE/AFP/Getty Images)

Civil unrest has rocked Iran since 25 September, when the news of the death of 22-year-old Mahsa Amini was publicised. Amini was arrested for allegedly violating the country’s strict Islamic dress code by wearing her hijab too loosely. She died in hospital in Tehran on 16 September, with injuries sustained during her arrest reportedly causing her death, though the Iranian government denies this Since then, thousands have taken to the streets in protest, leading the government to reportedly shutting off the country’s internet access to try and quell the disturbances.

Thousands of members of the online hactivism collective Anonymous have since joined the protests, claiming to have targeted Iranian government websites and national online infrastructure. The Anonymous protest initiative has been nicknamed OpIran (Operation Iran) and has already hit several high-profile targets. These cyberattacks are similar to those that emerged on the side of Ukraine at the beginning of Russia’s invasion.

Anonymous hacktivists join protests in Iran

Two main websites of the Iranian government are reported to have been the main target of initial attacks. One is the “smart devices” website for the government of Iran, where online services are offered. The other publishes government news and interviews with officials. 

Subsequently, Anonymous has claimed to have hacked into the database of Iran’s parliament and its Supreme Audit Court, releasing the phone numbers and other data of Iranian lawmakers. 

An offshore petrochemical plant has also allegedly fallen foul of Anonymous’s hacktivism spree. According to a tweet posted to the collective’s Twitter account Anonymous TV, 971MB of data have been stolen from the oil company. The plant is a subsidiary of the National Iranian Oil Company (NIOC).

Other attacks surfacing online under the OpIran initiative are the takedown of websites of the Central Bank of Iran, Meli Bank and Sepah bank. OpIran has also claimed to have knocked out state broadcaster IRIB and the Iranian Teacher’s Savings fund.

Content from our partners
How to engage in SAP monitoring effectively in an era of volatility
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility

Anonymous Iran attacks boost protestors

Of those that have so far been verified by western cybersecurity companies, some seem legitimate. “We have observed a few indications of government websites being taken offline by hackers,” security expert at Check Point research Liad Mizrachi told CNBC. “Predominantly we have seen this being done through Distributed Denial of Service (DDoS) attacks.” 

Security company Mandiant also confirmed that several of the services claimed to have been disrupted have been offline at various points in time, and in some cases, remain unavailable. “Overall, these DDoS and doxing operations may add pressure on the Iranian government to pursue policy changes,” Mandiant’s Emiel Haeghebaert said. 

Such online protest is a boost to morale, but should go even further, says the owner of a technology company based in Iran, who spoke to Tech Monitor on condition of anonymity. “What they are doing is something really heartwarming for the revolution and the protesters on the streets, when they see freedom fighters in other countries supporting them,” they said. 

But they said while Anonymous is doing something “very good to drive the protests and the revolution”, basic DDoS attacks need to be followed with more sophisticated assaults that “target databases, or hack national TV”.

However, it is not entirely surprising that so many websites have been open to attack, as Iranian cybersecurity is considered to be poor relative to other countries, says Greg Austin, lead of cyberspace and future conflict at the International Institute for Strategic Studies. This is despite the fact that cybercriminals from Iran have been active in targeting infrastructure in other countries, notably Israel and its allies.

Iranian hackers were also blamed for a major attack on Albania’s national infrastructure, which led the Baltic nation to sever all diplomatic ties with Tehran.

“Iran has been aggressive in cyberspace, but I have doubts about their cyber defences and the security of Iranian government installations, simply because they don’t have the depth and breadth of cyber talent,” Austin says.

Read more: Iran’s steel industry suffers major cyberattack amid Israel tensions

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU