Advertisement

Voting is open for the 2024 CyberScoop 50 awards! 

Click here!

IRGC hacked a Swedish SMS service in response to Quran burning, authorities say

The Swedish Public Prosecutor’s Office said the Iranian hacking unit pushed 15,000 texts after breaching an unnamed telecom firm.

By

People take part in an anti-Sweden demonstration in Lahore on July 9, 2023, as they protest against the burning of the Koran outside a Stockholm mosque that outraged Muslims around the world. (Photo by ARIF ALI/AFP via Getty Images)

A hacking unit working with the Iranian government penetrated a Swedish telecommunications firm in August 2023 and pushed 15,000 text messages calling for revenge against people who burned the Quran, Swedish authorities said Tuesday.

Using a persona they dubbed “Anzu Team,” hackers working with the Islamic Revolutionary Guard Corps (IRGC) penetrated an unnamed Swedish company that operated a “major” SMS service and used the access to push the text messages, the Swedish Public Prosecutor’s office said in a statement, according to a machine translation.

Fredrik Hallström, operational manager of the Swedish federal police, said in a statement that the goal of the Iranian operation was “to paint the image of Sweden as an Islamaphobic country and create division in society,” according to a machine translation. “The security police know that foreign powers like Iran act on opportunities that arise to create division and strengthen their own regime. By exploiting vulnerabilities, cyber threat actors can gain access to systems that are then exploited at the right time.”

The hack and subsequent influence operation came weeks after two men tore pages out of the Quran and burned them outside of a mosque in Stockholm, the New York Times reported at the time. The burning occurred during the Muslim holy day of Eid al-Adha, and caused uproar across the Muslim world, the Times reported. 

Advertisement

A request for comment sent to the Permanent Mission of the Islamic Republic of Iran was not immediately returned Wednesday.

A Telegram channel created July 31, 2023, under the name “AnzuTeam” included links to a website, a dark web website, and a Facebook account. The admin message posted to the chat said “we will punish the insulters of holy books and the governments that support them.” 

An image posted Aug. 1, 2023, depicted two men on fire alongside an image of a map of Europe, showing Sweden’s borders on fire as well. The next day a message posted to the channel offered $50,000 rewards for information on two men the group blamed for the incident, and posted screenshots claiming successful distributed denial-of-service attacks on various Swedish government websites.

AJ Vicens

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

KFAR AZA, ISRAEL – OCTOBER 10: Israeli soldiers patrol, searching for Palestinians militants near kibbutz Kfar Aza near the border with Gaza on October 10, 2023 in Kfar Gaza, Israel. (Amir Levy/Getty Images)

Savvy Israel-linked hacking group reemerges amid Gaza fighting

Predatory Sparrow, which has been linked to an attack on an Iranian steel facility last year, reemerged after a long hiatus Monday.
By AJ Vicens

Latest Podcasts

How organizations are handling AI security

Trellix’s John Fokker on the latest cybercriminal snapshot

How states are navigating the move to mobile driver’s licenses

We’re back! RunSafe CEO Joe Saunders on secure-by-design in IoT devices

Government

Technology

Threats

Geopolitics