
The hacktivist collective known as Predatory Sparrow, or by its Persian moniker “Gonjeshke Darande,” has claimed responsibility for a major cyberattack against Iran’s Sepah Bank, allegedly carried out on June 17. According to the group, the assault resulted in the destruction of critical data related to the bank’s operations, which the attackers explicitly link to the Islamic Revolutionary Guard Corps (IRGC).
The group stated that Bank Sepah was deliberately targeted due to its alleged central role in circumventing international sanctions and financing “terrorist proxies,” ballistic missile development, and Iran’s military nuclear ambitions. They emphasized that the resources involved were not drawn from state reserves, but rather from the wealth of ordinary Iranian citizens—framing the operation as an act of justice.
Independent news outlet Iran International reported significant disruptions within the nation’s banking infrastructure. Several Sepah Bank branches were shuttered, and customers found themselves unable to access their accounts. One user posted images of Iranian ATMs displaying error messages on their screens.
Attempts to verify the group’s claims proved inconclusive—emails sent to official Bank Sepah addresses in Iran bounced back due to delivery errors, and attempts to contact the bank’s offices in the UK and Italy were unsuccessful. Predatory Sparrow has not issued any further comments.
The incident unfolds against the backdrop of escalating tensions between Israel and Iran. In recent days, Israel has conducted strikes on Iranian targets, including nuclear facilities, military bases, and senior officers. This adds weight to the theory that the bank attack may be part of a broader, coordinated campaign aimed at undermining Iran’s strategic infrastructure.
The identities behind Predatory Sparrow remain unknown. However, cybersecurity experts regard their operations as both credible and technically sophisticated. A Mandiant analyst noted that the group exhibits not mere incendiary rhetoric, but demonstrable capability. Former NSA official Rob Joyce recalled earlier attacks by the group on steel plants and fuel stations in Iran, which caused widespread disruption, fires, and halted industrial processes. This latest incident appears to be a continuation of that pressure campaign—this time striking at the heart of Iran’s financial sector.