Pierluigi Paganini June 21, 2025

Iran confirmed an Internet shutdown to counter Israeli cyberattacks, citing threats to critical infrastructure, and interfere with drone control.

Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict.

However, the exact cause behind the collapse of Iran’s internet remains unclear. While the timing coincides with escalating military conflict and a wave of cyberattacks, there is no evidence linking the internet blackout to a specific technical failure, deliberate government action, or external cyber operation.

Initially, the cause of the internet shutdown in the country was unclear, leaving citizens with limited access to information about the war with Israel and hindering communication with loved ones both domestically and abroad.

Now the Iranian government has confirmed that it ordered the shutdown to prevent damage resulting from cyber attacks carried out by Israel.

“According to Khabar Online news agency and based on a Zoomit report, the government spokesman announced that the internet has been restricted due to enemy drones being controlled via the internet and a cyber attack on the country’s basic infrastructure.” states the Iranian website CHN.

“We have already said in advance regarding internet restrictions that if we are forced to, we will definitely turn to the national internet and the global internet will be restricted. Security is the main issue for all of us, and we are witnessing cyber attacks on the country’s basic infrastructure and disruptions in the functioning of banks,” said Fatemeh Mohajerani, a government spokeswoman, in a televised interview.

“Many enemy drones are managed and controlled via the Internet, and a large portion of information is exchanged through this means. A cryptocurrency exchange was also hacked, and with all these issues, we decided to restrict the Internet.” Government spokeswoman Fatemeh Mohajerani added.

Other firms, including Cloudflare, reported internet traffic disruption. The blackout follows several cyberattacks on Iranian institutions, including the major bank Iran’s Bank Sepah. Iranian media claims Israel is waging a “massive cyber war,” prompting authorities to restrict internet access nationwide.

Following the attacks against Iran, the country’s largest crypto exchange, Nobitex, was hacked and threat actors stole funds from its hot wallet.

The pro-Israel hacking group “Predatory Sparrow” claimed responsibility for cyberattacks targeting Iran during ongoing military tensions. The group said it breached crypto exchange Nobitex, accusing Iran of using it to evade sanctions, and reportedly sent the stolen crypto to unusable wallets. Nobitex confirmed the breach and suspended access. The group also claimed to have destroyed data at Iran’s state-owned Bank Sepah, citing IRGC ties. Iran’s Fars news agency warned of possible banking disruptions, including at gas stations.

“Crypto-tracking firms Elliptic and TRM Labs confirmed the crypto was stolen and sent to “wallets” or crypto accounts, with an expletive that referenced Iran’s Islamic Revolutionary Guard Corps (IRGC).” reported CNN World. “In a separate hack on Tuesday, Predatory Sparrow said it had destroyed data at Iran’s state-owned Bank Sepah, claiming IRGC members used the bank’s services as a justification for the action. Iran’s state-affiliated Fars news agency warned of potential disruptions to bank services at gas stations.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Iran)