Amid escalating cyber threats, Tosan, an Iranian IT vendor serving numerous top banks and government entities, has reportedly fallen victim to a massive cyberattack. Despite the Iranian government’s denial of any breach, emails and blockchain data reveal that Tosan is in negotiations to pay a substantial ransom. This has raised significant concerns about the state of cybersecurity for critical infrastructure in Iran.
Earlier reports about Tosan’s vulnerabilities highlighted various security lapses over the years, but the scale of the current attack seems unprecedented. IRLeaks, the hacker group responsible, has a history of targeting Iranian government institutions, suggesting a pattern of increasing sophistication and ambition in its tactics. The revelation of the cyberattack on Tosan comes amid other significant breaches in Iran’s cyber landscape, raising questions about the effectiveness of current cybersecurity measures.
Details of the Cyberattack
Tosan, which provides IT services to 45% of Iran’s banks, has confirmed that hackers accessed data from at least 20 of the country’s 29 active credit institutions. The attackers obtained sensitive information, including account numbers, full names, dates of birth, and transaction details of millions of bank customers. IRLeaks threatened to sell this data if a deal was not reached.
Negotiations and Ransom Payments
Initially, Tosan and IRLeaks agreed on a payment schedule beginning with 1 bitcoin, followed by 3 bitcoins per week until a total of 35 bitcoins is paid. The payments made so far amount to approximately $561,000, with the transactions verified through blockchain data. Despite the Iranian government’s denial, the evidence points to a significant breach.
Government and Public Response
Iran’s Central Bank has denied any system hacks, labeling the reports as false news aimed at disturbing public peace. However, contrasting reports from various sources, including CyberScoop and Politico, suggest otherwise. The ongoing cyberattacks have targeted not only financial institutions but also other critical sectors, highlighting a growing cybersecurity crisis.
Cybersecurity concerns in Iran are escalating, with numerous groups like IRLeaks and Predatory Sparrow frequently breaching government and industrial targets. The attack on Tosan underscores the urgent need for enhanced cybersecurity protocols. As the negotiations and ransom payments continue, the full impact of the breach remains uncertain. Tosan’s situation exemplifies the broader cybersecurity challenges facing nations with critical digital infrastructure, emphasizing the importance of robust security measures and rapid response strategies.