Such cases have become increasingly common around the world in recent years as sophisticated hackers seize private data from governments and companies and demand ransom in return for not releasing the information.
Iran is no stranger to such activity. In December, IRLeaks claimed to have stolen the customer data of nearly two dozen Iranian insurance companies and to have hacked into Snapp Food, a delivery service. Though the companies agreed to pay ransom to IRLeaks, it was far less than the group received from the banking hack, the officials said.
IRLeaks entered the banks’ servers via a company called Tosan, which provides data and other digital services to Iran’s financial sector, the officials said. Using Tosan as a Trojan horse, the hackers appear to have siphoned data from both private banks and Iran’s central bank. Of Iran’s 29 active credit institutions, as many as 20 were hit, said the officials, who requested anonymity in order to reveal sensitive information.
Among the affected banks were the Bank of Industry and Mines, Mehr Interest-Free Bank, Post Bank of Iran, Iran Zamin Bank, Sarmayeh Bank, Iran-Venezuela Bi-National Bank, Bank Day, Bank-e Shahr, Eghtesad Novin Bank, and Saman, which also has branches in Italy and Germany.
The regime ultimately forced Tosan to pay the IRLeaks ransom, a person familiar with the events said.
Severe difficulties
What isn’t clear is whether the hackers used Tosan to hit other targets in Iran. The firm has a wide customer base, including government entities beyond the central bank.