Iran has emerged as the most recent site of cyber sabotage in a sharp increase in digital warfare. Two coordinated attacks that targeted the core of the nation’s financial operations have been attributed to the hacker collective Predatory Sparrow. Their targets? Sepah Bank and the cryptocurrency exchange Nobitex are both essential parts of Iran’s economy.

This had nothing to do with stealing. It had to do with dismantling.

Elliptic, a blockchain analytics company, claims that the hackers purposefully destroyed more than $90 million worth of cryptocurrency by relocating the assets to unique addresses that start with derogatory phrases like “FuckIRGCterrorists.” It is impossible to recover these “vanity” wallet addresses. Money sent to them is lost forever.

Elliptic’s Tom Robinson stated, “This is a very uncommon instance where hackers didn’t intend to make money.” “The assets that were taken have been destroyed forever. Here, sabotage was obviously the aim.

According to Predatory Sparrow, Nobitex was assisting Iran’s government in evading sanctions and financing networks connected to terrorism. They pointed to connections to organizations like the Houthis, Hamas, and the Islamic Revolutionary Guard Corps, which Elliptic’s own investigation backed up with transaction data.

Since the incident, the Nobitex platform has been unavailable, and there has been no communication between the parties. Nothing to say. No justification. Millions of dollars once flowed into a haunting digital void.

Soon after, the group launched another attack, this time targeting Sepah Bank. Predatory Sparrow posted documents purportedly exposing Sepah’s cooperation with Iran’s defense apparatus and announced that it had destroyed all of the bank’s internal systems.

“Who’s next?” was the scathing message that accompanied the breach.

Iranian cybersecurity specialist Hamid Kashfi, who resides in Sweden, said that following the Sepah hack, his contacts in Tehran reported widespread disruptions in digital banking and ATM services. This was more than just a symbolic gesture. Individuals were unable to access their accounts. The majority of the victims were civilians, Kashfi clarified.

The disruption appears to have had long-lasting effects, even though Sepah’s website eventually came back online. Sepah is used by many Iranians for daily banking, pension payments, and salary deposits. Not only is it inconvenient, but losing access to those systems causes economic paralysis.

For a long time, Predatory Sparrow has been operating covertly, carrying out deliberate, devastating attacks on Iran’s infrastructure. In the past, the group has paralyzed the rail system, shut down the country’s gas station network, and even tampered with industrial controls to cause a steel factory fire.

The group positions itself as an anti-regime force in Iran. However, intelligence analysts say otherwise. It is probably a front for Israeli cyber units based on its resources, accuracy, and strategy.

Expert John Hultquist of Google’s Mandiant stated, “This is not a rogue operation.” “Predatory Sparrow possesses military accuracy.” They launch strategic and targeted attacks. They are also becoming more daring.

The twin attacks usher in a new era of cyberwarfare. They make it difficult to distinguish between state-sponsored warfare and hacktivism. Iran’s cryptocurrency gateway, Nobitex, was used for both domestic and international sanctions evasion. Iran’s military finances relied heavily on Sepah Bank.

By focusing on both, Predatory Sparrow sliced through Iran’s financial system, demonstrating unequivocally that there is no such thing as digital immunity.

The group warned not only Iran but the entire world that this is what cyberwar looks like with their parting message: “Caution: Associating with the regime’s financial arms could cost you everything.”