Hackers push anti-Iranian government messages to millions via breached app
An Iranian-focused hacking group known as Black Reward that has a history of going after the Iranian government announced a new attack late Thursday, this time targeting a financial services app that millions of Iranians use for digital transactions.
“Death to Khamenei,” the messages read according to a Google translation of screenshots the group posted online. “We return to the street because the revolution continues. For woman, life, freedom,” the message read, along with the hashtag “#MahsaAmini,” a reference to the Iranian woman killed in police custody in September 2022, sparking waves of nationwide protests.
“As we all know, the fire of the revolution may calm down, but it will never be extinguished,” a message posted to the group’s Telegram channel read, according to a translation. “Blackreward hacking group belongs to the people and will stay with the people until victory.”
The message was pushed through the 780 app, which facilitates financial transactions for online shopping, bill payment, bank balance information, and more, according to the developer of the app. The company claims to have more than 6 million users. Multiple people took to Twitter late Thursday and into Friday to share videos of the alerts and comment on the messages.
The company did not respond to a request for comment.
Black Reward emerged on Telegram on Sept. 25, 2022, a little more than a week after Amini’s death. In October 2022, the group released what it said was the Iranian government’s private correspondence with the International Atomic Energy Agency. The Iranian government blamed the hack on “unauthorized access from a specific foreign country,” but did not attribute more specifically than that.
The group told CyberScoop at the time that it was made up of Iranians and “whatever the Islamic Republic says is a lie. We fight against the regime in support of women, life, and freedom.”
The group’s Telegram channel, which has more than 87,000 subscribers, had been dormant since Feb. 28 when it posted the second part of an alleged hack of the Fars news agency, which is managed by the Islamic Revolutionary Guard Corps (IRGC).
Black Reward did not respond to a request for comment on Friday.