Israeli Cyber Attackers Responsible for Iran’s Internet Outage

 

Iranian Internet Attacked by Israeli Hacktivist Group: Reports

An Israeli hacktivist group is taking credit for a cyberattack in Iran that reportedly took down internet access to parts of the country overnight Thursday.

Shortly before reports emerged from Iran, the group WeRedEvils posted a message on their Telegram channel saying, “In the next few minutes we will attack systems and internet providers in Iran. A severe blow is on the way,” according to a report in The Jerusalem Post. The Post found numerous comments online from Iran about Wi-Fi outages and internet blackouts in parts of the country, including the capital city of Tehran. It remains unclear how widespread the outages are, though the hacktivist group later claimed success.

“Some of the wonders of the last night: we successfully broke into the Iranian communications system and collected a lot of information that was passed on to the security forces in Israel,” the group posted on Telegram Friday morning. “We know there are some Iranians here who support the Revolutionary Guards, and we would like to contact them personally. Stop raising red flags and start raising a white flag. The madness will take you all to the dustbin of history.”

The attack was the latest launched in Iran and other Middle Eastern countries by WeRedEvils, a cyber group that appeared in the wake of the Hamas terrorist attack on Israel in October 2023. This incident comes amid growing tensions with Iranian leaders following the Israeli attack this week in Tehran that killed Ismail Haniyeh, Hamas’ political leader.

Israel, U.S. Prepare for Iran Retaliation

Iran reportedly is preparing to attack Israel in response to the assassination, which initially was reported as a missile strike. However, The New York Times reported that Haniyeh was killed by an explosive device that had been smuggled into a guest house months ago. The killing reportedly was carried out by the Israeli military.

The Biden Administration is concerned about retaliation by Iran and is planning to counter any attack on Israel, according to unnamed government officials quoted by Axios. Iranian leaders have said the country will respond to the assassination, and U.S. officials expect other entities, including Hezbollah in Lebanon, to participate in a retaliatory attack.

Other Cyberattacks

WeRedEvils has claimed responsibility for several attacks in Iran. In October 2023, the group said it had hacked into Iran’s oil infrastructure systems, writing in a Telegram message that the hackers “managed to get our hands on vital and sensitive software that we will not go into detail about here, we are sure that Iran already understands the extent of the damage it currently has.”

They added that “as we know and have seen in the past such rigs and reactors in certain cases can cause mass destruction in the event of internal leaks or overheating,” according to The Jerusalem Post.

That same month, the group said it had disabled the electrical grid in Tehran and surrounding villages for two hours, the Israel National News site reported. Again, writing on Telegram, WeRedEvils wrote that it had “cut off their electricity, and we left tens of thousands of residents without a means of communication and electricity for two hours until this moment. This is a message from us to Iran: don’t play with fire. The next strike will be harder with many more harmed, and it will be different from the cyber attacks that you’re familiar with.”

In November, the cyber group said it had blocked the WhatsApp accounts of members of the Hadid family in response to remarks made by Mohamed Hadid, whose real estate development company builds luxury hotels, that insulted Israel.

The hackers also said they were able to shut down the Tasnim News Agency, a semi-official organ of Iran’s Revolutionary Guard that was launched in 2012. They reportedly were responsible for cutting off internet services in Yemen in early November in retaliation for missiles launched by Houthi militia in that country.

WeRedEvils has been operating in a non-official capacity since the beginning of the Israel-Hamas war and continues to target systems in foreign countries, claiming responsibility for significant disruptions.