The history of Iranian hacker culture can be traced back to 2002 when Iranian hackers congregated in forums and executed cybersecurity attacks against governments and large companies around the world. These forums have resulted in a number of high-profile cyber security scandals throughout the years, causing large monetary damages.

Many reports from notable agencies indicate the involvement of Iranian hackers in a number of cybersecurity attacks since the last 20 years. These attacks focus primarily on international conglomerates, oil and gas companies, and systems critical to the infrastructure.

The Saudi Aramco Attack
On August 15th on the Muslim Holy Night 55000 employees of Saudi Aramco stayed home to pray, the most notorious act of computer sabotage to date was committed. A virus was released to wipe out large amounts of data on three-quarters of Aramco’s employee computers and replacing it with a burning American flag. US Intelligence pointed towards Iranian hackers whose identities have never been revealed.

Systematic Attacks against US Banks
From August 2011 to 2013, a number of systematic and sophisticated Denial of Service (DoS) attacks were launched against the top banking firm of the US. Seven Iranian hackers were accused by the US government and said to have attacked around a dozen banks causes millions of dollars in losses. Targeted companies include world-renowned firms such as JPMorgan Chase, American Express, Wells Fargo and AT&T.

SamSam Ransomware Attack
Affecting 200 people and costing $30 million on damages, the SamSam ransomware attack targeted the major cities of the US. US Justice Department pointed to two Iranian hackers who targeted hospitals and city systems to extort huge sums of money. Hackers who targeted HBO to leak episodes from the series Game of Thrones allegedly hailed from Iran as well.

According to recent research by Recorded Future, a forum called Ashiyane has been an active platform for Iranian hackers to discuss and execute successful cyber attacks all over the world. With 20,000 users, Ashiyane is revealed to have direct links with the Islamic Revolutionary Guard Corps in Iran. Hackers on the forum considered themselves to be grey hat hackers, a term that indicates a grey area between black and white hackers. Forum’s history shows discussions on how to execute Distributed denial of service (DDoS) attacks along with some other common cyber attacks.
However, the forum was shut down in 2018 and sources report that it was due to their involvement in gambling. After the fall of Ashiyane, no alternative forum has been seen so far but small forums have been attracting a similar following.

Iranian hackers have been involved in a number of sophisticated cyber security attacks around the world, causing massive monetary damages according to a report released in March 2019. Researchers at Microsoft have revealed that the attackers have stolen crucial information, damaged data and targeted thousands of people in over 200 companies since the last two years.
The attacks were linked to a group known as Holmium and an Iranian group called APT33 which was also said to be involved with them. According to the report, the hackers have a focus on oil and gas companies, international corporations and giant manufacturers based in countries such as the US, Saudi Arabia, Britain, and India.

In the wake of these damaging attacks, countries around the world are becoming more aware of Iran’s formidable and fast-growing cyber capabilities.