Group threatens ayatollah in hack of Iranian Foreign Ministry, then leaks trove of sensitive data
An Iranian "Hacktivist" group gained access to Iran's Foreign Ministry servers and leaked a trove of data before defacing the ministry's website.
The group, called GhyamSarnegouni, translated as "Rise to Overthrow," announced on its website Sunday it was responsible for taking down websites belonging to Iran's Foreign Ministry. The group also leaked a trove of data, including identification documents, ministry correspondence, phone numbers, and the names of over 11,000 of the ministry's employees, according to a report from Iran International.
The official Iranian Foreign Ministry website remained down as of late Sunday morning, displaying a message that said it was "undergoing scheduled maintenance and upgrades."
HACKERS BREACH IRAN’S ATOMIC ENERGY AGENCY, PROTESTS PERSIST
Earlier Sunday, versions of the Iranian Foreign Ministry website in Dubai, United Arab Emirates, Munich, Germany, and Seoul, South Korea, were hacked with a message targeting Iranian Supreme Leader Ayatollah Ali Khamenei.
"Death to Khamenei, Hail Rajavi," read the message.
Rajavi likely refers to the missing leader of the Iranian exile group Mujahedeen-e-Khalq or his wife Maryam, who has become the public face of the group, according to The Associated Press.
"There is a great revolution in Iran, the uprising will go until the demolition of the palace of oppression," the message continued.
IRAN PROTESTS TRIGGER SOLIDARITY RALLIES IN US, EUROPE
Hacking groups have increasingly targeted the websites and services of official government agencies since anti-regime protests began sweeping the country last year, including a hack of over 5,000 government security cameras and 150 websites belonging to the local government in Tehran. Hackers were also able to breach Iran's atomic energy agency in October of last year.
Documents obtained in the latest hack revealed correspondence between Iran and European officials over a proposed prisoner swap of Iranian diplomat Asadollah Assadi, who is being held in Belgium, for Belgian aid worker Olivier Vandecasteele, according to Iran International.
Assadi is serving a 20-year sentence in Belgium for his role in plotting a bombing attack against an Iranian resistance group meeting near Paris in 2018. Vandecasteele was arrested by Iranian security forces in 2022 and faces allegations of "spying and cooperation with the United States, money laundering and smuggling $500,000 out of Iran."
Vandecasteele was sentenced in January to 40 years in prison and 74 lashes for the charges the Belgian government has call "arbitrary."