Predatory Sparrow, also known as Gonjeshke Darande, has taken full responsibility for the cyberattacks on several Iranian steel facilities last month and has now released the first batch of top-secret documents on its Twitter handle.

The disclosed cache

The group released a cache of roughly 20 gigabytes of data. It contains corporate documents that reveal the steel facilities' connection to Iran’s powerful Islamic Revolutionary Guard Corps.
  • In a series of tweets in both English and Persian, the group said the cache was just the first part of what would be released.
  • While claiming responsibility for the attack on June 27, the group also released a photo and video that claimed to show equipment being damaged at the state-owned Khouzestan Steel Company, one of Iran's main steel production plants.
  • Although the steel company and the Iranian government denied that the attack had any significant consequences, sources claim that it hindered factory operations.

Why target the steel plants?

The Predatory Sparrow group clarified that the attacks were being carried out carefully so as to protect innocent individuals.
  • The group also added that these cyberattacks were in response to the aggression of the Islamic Republic.
  • The group further explains that the attack on the companies are subject to international sanctions and they will continue their operations despite the restrictions.

Is there more than meets the eye?

Even while Predatory Sparrow insists that the attacks are autonomous, it is speculated that the Israeli government is backing the hacktivist group, given the sophistication of the operation, the nature of the attacks, and the messaging before, during, and after what appears to be hacked.

Conclusion

Apart from the steel facilities attack, the Predatory Sparrow group has also taken responsibility for other digital attacks on important Iranian targets, such as the one that crippled Iran's state-controlled gasoline distribution in October 2021 and the one that hit the Iranian railway system in August 2021.

While the Iranian government continues to refute the group's allegations, doubts are inevitably raised with each cyber attack.
Cyware Publisher

Publisher

Cyware