Iran Telecom Cyber Attack: APT IRAN Claims Access to 4TB of Data

In the latest cybersecurity news from Iran, the lesser-known threat actor group APT IRAN has asserted claims of Iran telecom cyber attack. They claim to have gained access to the databases of Iran Telecom and Irancell, boasting a claimed file size of 4TB. 

This revelation has put the spotlight on the vulnerability of these telecom giants to cyber threats. The threat actor group, APT IRAN, issued a stern warning to Iran Telecom and Irancell, signaling that their servers are currently vulnerable. 

They further threatened to upload a penetration video along with the purported 4TB of sensitive data onto the internet as a validation of their claim. This declaration was announced on the dark web portal, where it first made the claims for this Iran telecom cyber attack. 

Iran telecom cyber attack decoded

Efforts to communicate with MTN Irancell, the affected telecom company, were hampered as its website remained inaccessible at the time of the incident.

Users attempting to access the site were met with the message, “This site can’t be reached,” signifying a potentially severe disruption in services.

A website displaying the “This site can’t be reached” error message may be attributed to various factors, including a Distributed Denial of Service (DDoS) attack, which inundated servers with an excess of traffic, rendering them unresponsive. \

Additionally, a DNS attack targeting the Domain Name System can disrupt the conversion of domain names into IP addresses, leading to inaccessibility. Compromised network infrastructure and malware infections can also contribute to this error.

While the exact motives behind this Iran telecom cyber attack remain undisclosed, it is worth noting that Telecom retirees in Iran have been persistently rallying for over a decade to address their denied needs. 

Simultaneously, cities across Iran have witnessed ongoing protests by telecom industry retirees, decrying substandard living conditions and meager pensions while demanding their rightful entitlements.

Previous Incidents of Disruption

The Iran telecom cyber attack is not an isolated event. Earlier this year, an Iranian dissident group successfully disrupted servers, websites, and applications linked to the regime’s presidency apparatus, subsequently leaking a trove of classified files and documents. 

This breach marks another significant blow to the regime following a prior disruption targeting the Foreign Ministry, resulting in dissidents obtaining over 50 terabytes of sensitive information.

Protests in Iran have escalated across 282 cities, with over 750 casualties and more than 30,000 arrests at the hands of regime forces, as reported by the Iranian opposition People’s Mojahedin Organization of Iran (PMOI/MEK).

The PMOI/MEK has published the names of 675 fallen protesters. APT IRAN remains a relatively obscure threat actor group, with fewer recorded cyber-attacks compared to its counterparts.

While a Github page suggests 62 contributions in the past year, the authenticity of these statistics is debatable, given multiple claims purporting to represent APT IRAN.

With limited visibility in the dark web forums, determining the true identity of the APT IRAN hacker group remains a challenge.

The Iran Telecom cyber attack is an ongoing story. As this story continues to unfold, updates will be provided as more information emerges or official confirmation is obtained from the affected company.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.