- calendar_today September 3, 2025
This week, Iran’s digital walls opened wide as Predatory Sparrow, an elusive but incredibly powerful hacker group, launched a two-pronged cyberattack against some of the most important financial institutions in the nation. The targets are Sepah Bank, a financial titan connected to the military elite of the nation, and Nobitex, the leading bitcoin exchange in the nation.
The first knock came without notice.
Predatory Sparrow destroyed almost $90 million worth of crypto assets kept by Nobitex, allegedly one of the most calculated acts of financial sabotage in recent memory. But the money was burned, not stolen. The hackers moved them to wallet addresses that spelled out anti-regime messages such as “FuckIRGCterrorists.”
“These are vanity addresses—custom-generated to transmit a message,” said Tom Robinson, co-founder of blockchain tracking company Elliptic. Once money gets transferred there, it is gone permanently. There’s no key. Not at all recovered. That is a digital black hole.
Alleging that Nobitex was part of the terror finance operation of the Iranian government, Predatory Sparrow claimed in a post on X that the platform helped the IRGC, Hamas, and Houthi rebels transfer money while dodging Western sanctions. Elliptic later verified these connections using blockchain activity showing flows to approved companies.
Nobitex’s website crashed practically right away following the hack announcement. The firm did not follow up with me. Not denying. No help for impacted users. Simply silence.
Then arrived the second.
Predatory Sparrow focused on Sepah Bank, a financial institution closely associated with the Islamic Revolutionary Guard Corps and Iran’s defense system. The group claims to have totally erased all of the internal bank data. They also released internal records purportedly showing Sepah facilitating nuclear program and ballistic missile financial transactions for Iran.
With its data leak, the group included a note saying, “This is a warning.” Your assets are in danger if you belong to the terror and sanction evasion network of the regime. Who comes next?
The effect started right away. Iranian cybersecurity specialist Hamid Kashfi, who lives in Sweden, claimed that following the attack, many online banking systems and automated teller machines were rendered non-functional. “This is severely affecting common people in addition to the military or government. That’s the aftermath, he remarked.
The website of Sepah Bank returned temporarily, but the degree of internal system damage is yet unknown. The Iranian government, as well as the bank itself, has stayed silent, providing no comments or refutes.
This is not the first significant attack of Predatory Sparrow. The group has already disabled thousands of Iranian gas stations, interfered with train operations, and in a now-famous attack, stole industrial controls from a steel mill, flooding molten metal on the floor and almost killing plant workers from a fire started.
Although the group bills itself as an Iranian resistance effort under the Farsi name Gonjeshke Darande, global experts almost certainly find it to be a proxy group supported by Israeli intelligence. Their political targets and technical accuracy are quite similar to Israeli cyber interests in the area.
“These folks are on another level,” said Mandiant’s head of threat intelligence, John Hultquist. They run with discipline, a goal in mind, and a terrible efficacy. Usually, when they claim to be going to destroy something, they really are.
Targeting Nobitex, Predatory Sparrow dealt a blow to Iran’s crypto lifeline—a vital instrument the nation uses to get around international banking restrictions. Targeting Sepah Bank, they directly upset the financial engine driving much of Iran’s military growth.
Taken together, these two strikes point to a new phase in Iran’s cyberwarfare whereby digital sabotage substitutes for sanctions and firewalls become battlefields.
And with the hackers certifying their most recent campaign with “Who’s next?” Iran and its supporters may now have to consider when rather than if.




