Politics, Revolution, and Digital Attacks: Uncovering Iran’s Recent Hack

Iranian hacker group “Black Reward” has shifted their target from the Iranian government to a popular financial application used by millions of Iranians. The group has announced a new attack on the application, which allows users to conduct digital transactions.

The group released translated screenshots on the web, containing messages that read, “The death of Hameni. We return to the streets because the revolution continues. For women, life, freedom.” These messages were accompanied by the hashtag “#mahsaamini,” referring to the Iranian woman who was killed in a police station in September 2022, sparking country-wide protests.

On their Telegram channel, the hacker group posted a message stating, “As we all know, the flame of the revolution may subside, but it will never go out. The Black Ruward hacker group belongs to the people and will be with the people until victory.”

The group disseminated these messages through Appendix 780, an application that enables users to conduct financial transactions, such as online shopping, bill payments, and bank balance inquiries. The application developer claims to have over 6 million users. On late Thursday and Friday, several people shared videos of the notifications and commented on the data on Twitter.

The Telegram channel of the “Black Reward” group had been inactive since February 28. On that day, the group published the second part of an alleged hacking attack on the FARS news agency, which is controlled by the Islamic Revolutionary Corps (KSIR). The channel currently has more than 87,000 subscribers.