Key Points:
- Iran’s state-owned banking technology provider, the Informatics Services Corporation, confirmed a massive cyberattack on card-based banking services.
- The attack forced officials to temporarily take card-related systems, including ATMs and point-of-sale terminals, offline to safeguard customer assets.
- While the tech provider highlighted three major lenders, independent reports indicated up to eight major Iranian banks suffered widespread disruptions.
- The incident follows a separate, highly disruptive cyberattack on June 14 that targeted a shared communications infrastructure utilized by four major banks.
A massive cyberattack has crippled the financial infrastructure of the Islamic Republic of Iran, forcing the state-owned banking technology provider to abruptly take card-based transactions offline across several major financial institutions. According to statements from the Informatics Services Corporation, the cyber offensive targeted and disrupted core card-based services, immediately disabling automated teller machines (ATMs), point-of-sale (POS) terminals, and mobile banking applications. To prevent further unauthorized access and protect customer assets, tech officials took the drastic step of temporarily suspending all card-related operations, throwing local businesses and consumers into a sudden state of financial chaos.
While the Informatics Services Corporation’s initial public announcement focused on three of the country’s most prominent state-backed lenders—Bank Melli, Bank Saderat, and Bank Tejarat—independent local media reports and consumer testimonies indicate that the true scope of the collapse is far broader. Reports from Tehran and other major urban centers suggest that up to eight major financial institutions suffered widespread disruptions during the morning hours. In addition to the three primary lenders, users flagged complete service outages at Pasargad, Mellat, Sepah, Tose’e Ta’avon, and Resalat banks, leaving a vast portion of the nation’s banking population without access to electronic funds.
This latest financial shutdown is not an isolated event but fits into a highly troubling, recurring pattern of systemic infrastructure hacks targeting the Middle Eastern nation. Just over a week ago, on June 14, the country’s banking coordination council announced that a “limited” cyberattack had successfully targeted a shared communications system used by four major lenders: Bank Melli, Bank Tejarat, Bank Saderat, and the Export Development Bank of Iran. That prior incident also caused a massive, multi-day halt in electronic payments, forcing supermarkets and restaurants to manually record purchases on paper as card machines went completely dark.
In an effort to prevent widespread public panic and bank runs, the Central Bank of Iran and regional bank coordination councils have issued strong public reassurances regarding the safety of customer accounts. Officials have repeatedly stated that while the cyberattacks have successfully disrupted daily transaction services and created immense local bottlenecks, no unauthorized access to core customer databases or personal banking files has occurred. Technical experts emphasized that no sensitive financial information has been deleted, leaked, or modified during the security breaches, and that the physical assets of consumers remain completely secure.
Despite the government’s optimistic promises that the latest card-based disruptions would be resolved by Wednesday morning, economic committee members within the Iranian parliament have warned that a full, permanent recovery of the nation’s banking security will take significant time. Tech experts point out that the shared communications infrastructure utilized by the country’s top banks remains highly vulnerable to sophisticated, state-sponsored cyber offensives. Replacing the compromised hardware, upgrading core security protocols, and auditing the country’s walled-garden banking networks could take up to two weeks of intensive work, leaving the financial system highly fragile in the interim.
As of mid-week, Iranian authorities have not released any official statement identifying who they suspect is behind the coordinated cyberattacks. However, in previous years, Tehran has routinely blamed hostile foreign adversaries, particularly Israel and the United States, for executing highly sophisticated digital sabotage operations against its critical national infrastructure. Israel has historically maintained a strict policy of neither confirming nor denying involvement in such incidents. The scale and complexity of back-to-back attacks on the financial sector suggest a highly coordinated, state-sponsored campaign rather than the work of independent, opportunistic hackers.
While state officials remain cautious about pointing fingers, a notorious, domestic hacker collective has claimed credit for some of the recent financial chaos. An Iranian hacktivist group operating under the name “Black Wolves” published a series of posts on the encrypted messaging platform Telegram, claiming responsibility for the devastating June 14 attacks. The group declared that a “silent war” is actively unfolding on the digital front, warning that the country’s critical systems are under continuous, sustained cyberattack. Independent security researchers are currently analyzing the group’s claims to determine whether they possess the highly advanced capabilities required to execute such a massive, multi-bank disruption.
The massive cyber offensive is unfolding against a highly complex geopolitical backdrop, marked by intense diplomatic efforts to preserve regional stability. The digital disruptions in Tehran occurred just as international negotiators met in Switzerland to manage maritime navigation through the strategic Strait of Hormuz and finalize the terms of a tentative U.S.-Iran peace framework. Many regional political analysts view the simultaneous cyberattacks on Iran’s banking sector as a calculated, non-military effort by adversarial nations to keep maximum economic pressure on Tehran, demonstrating that modern geopolitical warfare is increasingly fought on the digital battlefield.
As local technical teams work around the clock to restore normal banking operations, the ongoing financial paralysis has exposed the severe vulnerabilities of Iran’s isolated digital infrastructure. Cut off from global financial systems like SWIFT due to long-standing international sanctions, Iran has spent years constructing its own closed-loop, domestic payment networks. However, as these back-to-back bank hacks demonstrate, an isolated digital garden is not inherently a safe one. Until the country can successfully upgrade its cybersecurity protocols and protect its shared communications channels, its financial system will remain highly vulnerable to sudden, devastating digital blackouts.





