Iranian airline Mahan Air was hit by a cyberattack on Sunday morning and the “Hooshyarane Vatan” hacker group claimed responsibility, alleging that it had obtained documents linking the airline to the Islamic Revolutionary Guard Corps.
The company admitted that it had been the victim of an attack, but said it had managed to thwarted it.
Although it is initially unclear what was taken, if the hack was successful, it could be a smaller version of at least two other operations that attempted to embarrass the Islamic Republic and pummel its credibility with the West.
Since 2011, the US has had Mahan Air on a sanctions list “for providing financial, material, or technological support for or to the IRGC-QF.”
A 2019 US Treasury statement reads: “Mahan Air has transported IRGC-QF operatives, weapons, equipment, and funds abroad in support of the IRGC-QF’s regional operations, and has also moved weapons and personnel for Hezbollah.
“Since the onset of the Syrian civil war, Mahan Air has routinely flown fighters and materiel to Syria to prop up the Assad regime, which has contributed to mass atrocities and displacement of civilians.”
Despite the prior designation and evidence, the new hack may provide further embarrassing evidence at a sensitive time for the Islamic Republic leading into nuclear negotiations with world powers next week.
In August, a hacker group called Edalat-e Ali (Ali’s Justice) hacked the security cameras of an infamous Iranian prison and stole footage of the prison guards brutally beating prisoners.
That footage caused a global outcry and a rare admission of guilt and apology by Iranian prison officials.
On January 31, 2018, the Mossad seized Iran’s secret nuclear archives from the heart of Tehran, and former prime minister Benjamin Netanyahu later used information from the heist to put the ayatollahs under heavily increased pressure from the IAEA.
The voluminous nuclear archives information helped Netanyahu claim “Iran lied” about its long-term plans and about several undeclared nuclear sites, leading the IAEA to condemn the Islamic Republic in June 2020 for the first time in years.
According to Iran’s Fars News Agency, Mahan Air said on Sunday that such attacks had been carried out against the company “many times.”
“This is considered a normal occurrence and Mahan’s Cyber Security Team has always acted intelligently and in a timely manner to neutralize these attacks,” said the company, adding that all flights were on schedule and that the company would update if any flights were disrupted.
Despite the claims by the company, Hooshyarane Vatan claimed that it was able to obtain internal documents, emails and reports from Mahan Air’s systems that contained indications of the airline’s connections to the IRGC.
The group also claimed that the company was able to detect the breach, but failed to stop it.
Hooshyarane Vatan tweeted, “The IRGC is responsible for [the] attempted genocide of the Ahwaz people through planned neglect. Stopping the river, poisoning animals and torturing innocent people. #FreeIran #Ahwaz #IRGC #MahanAir #No2IR #IranProtests.”
Further, it said, “We the Vigilant of the Nation have carried out a cyber operation targeting Mahan Air, the heart of the IRGCs smuggling operation #mahanair #IRGC #No2IR #FreeIran #Ahwaz. If you have booked a flight with Mahan Air, we apologize to you but you might want to look elsewhere. Until there is justice for the Ahwaz, we will continue to expose the corruption of the regime.”
ما گروه هوشیاران وطن علیه شرکت #ماهان_ایر بعنوان قلب تپنده عملیات قاچاقی #سپاه_پاسداران عملیات سایبری انجام دادیم. #اهواز #نه_به_جمهوري_اسلامي #IranProtests #MahanAir pic.twitter.com/bBkfBKJ4uK
— Hooshyarane Vatan (@Hooshyaran1) November 21, 2021
Earlier in November, the group tweeted, “Police in #Ahwaz shot 29yr old Sanaz Mohammadian in the head three times by ‘accident’, the police then fled, there is no justice for the regimes murderers and thugs in Ahwaz.”
The Ahwaz minority is one of many oppressed minorities in Iran which carry out various cyber and physical operations against the regime periodically.
However, these groups reportedly also frequently receive technological and other assistance from Israel, the US and other countries that have ongoing issues with Iran.
Mahan Airlines is one of around a half-a-dozen civilian airlines that Iran allegedly uses to smuggle weapons and IRGC operatives across the Middle East.