Last month, Iran witnessed a massive cyber attack targeting its banking system, which led to a multi-million dollar ransom being paid to hackers in an attempt to stop the leak of sensitive data, according to Politico magazine.
According to informed sources, the attack is one of the largest breaches the country has faced in its cyber history.
The IR Leaks group behind the attack, known for its track record of hacking Iranian companies, threatened to expose the personal and financial data of millions of Iranians.
The hackers initially demanded a ransom of $10 million in digital currencies, but they ultimately agreed to only $3 million in return for not publishing the data.
Iran has reportedly not publicly acknowledged the attack, which forced banks to close several ATMs across the country in mid-August. Although opposition media reported the attack at the time, neither the identity of the hackers nor the details of the ransom were officially revealed.
According to Western officials and analysts, the Iranian company Tosun, which provides data services to the financial sector, paid the ransom on behalf of the Iranian regime.
The hackers used “Tosun” as an entry point to breach the data of 20 Iranian banks, including the Bank of Industry and Mining, the Iranian Postal Bank, and the Central Bank.
It is believed that Iran was forced to pay the ransom for fear that publishing the data would destabilize the financial system, which is in crisis in light of the ongoing international sanctions.
With inflation reaching 40 percent, Iranians rely on digital transactions, making any shake-up in the financial system a major source of concern.
Although Iran's Supreme Leader, Ayatollah Ali Khamenei, referred in a vague speech after the attack to enemies' attempts to destabilize the country, he did not officially acknowledge that the cyberattack was behind those accusations.
Investigations indicate that “IR Leaks” may be an independent group not linked to the governments of hostile countries such as the United States or Israel, despite the ongoing tensions between Iran and these countries. This shows that the main motive behind the attack may have been purely financial, and not part of a political campaign.
The latest attack is not the first of its kind in Iran, as IR Leaks has previously carried out other hacks, such as stealing data from Iranian insurance companies last December. As such operations increase around the world, questions arise about the readiness of Iranian banks and companies to confront these threats in the future.
The Iranian financial sector is already suffering from structural crises, and faces challenges related to capital shortages and non-performing loans. With new threats such as those that emerged through this cyber attack, it appears that the Iranian banking system will remain vulnerable to further attacks unless its defensive capabilities are seriously strengthened.