Hackers belonging to the online activism collective Anonymous claim to have joined the protests in Iran by carrying out cyberattacks on the database of the Iranian parliament, several national banks and an offshore petrochemical plant, among other targets. An Iranian business owner who spoke to Tech Monitor said the intervention by the hacktivists was welcome, but that more sophisticated cyberattacks would be required to make a greater impact.
Civil unrest has rocked Iran since 25 September, when the news of the death of 22-year-old Mahsa Amini was publicised. Amini was arrested for allegedly violating the country’s strict Islamic dress code by wearing her hijab too loosely. She died in hospital in Tehran on 16 September, with injuries sustained during her arrest reportedly causing her death, though the Iranian government denies this. Since then, thousands have taken to the streets in protest, leading the government to reportedly shut off the country’s internet access to try to quell the disturbances.
Thousands of members of the online hacktivism collective Anonymous have since joined the protests, claiming to have targeted Iranian government websites and national online infrastructure. The Anonymous protest initiative has been nicknamed OpIran (Operation Iran) and has already hit several high-profile targets. These cyberattacks are similar to those that emerged on the side of Ukraine at the beginning of Russia’s invasion.
Anonymous hacktivists join protests in Iran
Two main websites of the Iranian government are reported to have been the main target of initial attacks. One is the “smart devices” website for the government of Iran, where online services are offered. The other publishes government news and interviews with officials.
Subsequently, Anonymous has claimed to have hacked into the database of Iran’s parliament and its Supreme Audit Court, releasing the phone numbers and other data of Iranian lawmakers.
An offshore petrochemical plant has also allegedly fallen foul of Anonymous’s hacktivism spree. According to a tweet posted to the collective’s Twitter account Anonymous TV, 971MB of data have been stolen from the oil company. The plant is a subsidiary of the National Iranian Oil Company (NIOC).
Other attacks surfacing online under the OpIran initiative include the takedown of the websites of the Central Bank of Iran, Meli Bank and Sepah Bank. OpIran has also claimed to have knocked out state broadcaster IRIB and the Iranian Teacher’s Savings fund.
Anonymous Iran attacks boost protestors
Of those that have so far been verified by western cybersecurity companies, some seem legitimate. “We have observed a few indications of government websites being taken offline by hackers,” Liad Mizrachi, a security expert at Check Point Research, told CNBC. “Predominantly we have seen this being done through Distributed Denial of Service (DDoS) attacks.”
Security company Mandiant also confirmed that several of the services claimed to have been disrupted have been offline at various points in time, and in some cases, remain unavailable. “Overall, these DDoS and doxing operations may add pressure on the Iranian government to pursue policy changes,” Mandiant’s Emiel Haeghebaert said.
Such online protest is a boost to morale, but should go even further, says the owner of a technology company based in Iran, who spoke to Tech Monitor on condition of anonymity. “What they are doing is something really heartwarming for the revolution and the protesters on the streets, when they see freedom fighters in other countries supporting them,” they said.
But they said while Anonymous is doing something “very good to drive the protests and the revolution”, basic DDoS attacks need to be followed with more sophisticated assaults that “target databases, or hack national TV”.
However, it is not entirely surprising that so many websites have been open to attack, as Iranian cybersecurity is considered to be poor relative to other countries, says Greg Austin, lead of cyberspace and future conflict at the International Institute for Strategic Studies. This is despite the fact that cybercriminals from Iran have been active in targeting infrastructure in other countries, notably Israel and its allies.
Iranian hackers were also blamed for a major attack on Albania’s national infrastructure, which led the Baltic nation to sever all diplomatic ties with Tehran.
“Iran has been aggressive in cyberspace, but I have doubts about their cyber defences and the security of Iranian government installations, simply because they don’t have the depth and breadth of cyber talent,” Austin says.