Advertisement

IRGC hacked a Swedish SMS service in response to Quran burning, authorities say

The Swedish Public Prosecutor’s Office said the Iranian hacking unit pushed 15,000 texts after breaching an unnamed telecom firm.
People take part in an anti-Sweden demonstration in Lahore on July 9, 2023, as they protest against the burning of the Koran outside a Stockholm mosque that outraged Muslims around the world. (Photo by ARIF ALI/AFP via Getty Images)

A hacking unit working with the Iranian government penetrated a Swedish telecommunications firm in August 2023 and pushed 15,000 text messages calling for revenge against people who burned the Quran, Swedish authorities said Tuesday.

Using a persona they dubbed “Anzu Team,” hackers working with the Islamic Revolutionary Guard Corps (IRGC) penetrated an unnamed Swedish company that operated a “major” SMS service and used the access to push the text messages, the Swedish Public Prosecutor’s office said in a statement, according to a machine translation.

Fredrik Hallström, operational manager of the Swedish federal police, said in a statement that the goal of the Iranian operation was “to paint the image of Sweden as an Islamaphobic country and create division in society,” according to a machine translation. “The security police know that foreign powers like Iran act on opportunities that arise to create division and strengthen their own regime. By exploiting vulnerabilities, cyber threat actors can gain access to systems that are then exploited at the right time.”

The hack and subsequent influence operation came weeks after two men tore pages out of the Quran and burned them outside of a mosque in Stockholm, the New York Times reported at the time. The burning occurred during the Muslim holy day of Eid al-Adha, and caused uproar across the Muslim world, the Times reported. 

Advertisement

A request for comment sent to the Permanent Mission of the Islamic Republic of Iran was not immediately returned Wednesday.

A Telegram channel created July 31, 2023, under the name “AnzuTeam” included links to a website, a dark web website, and a Facebook account. The admin message posted to the chat said “we will punish the insulters of holy books and the governments that support them.” 

An image posted Aug. 1, 2023, depicted two men on fire alongside an image of a map of Europe, showing Sweden’s borders on fire as well. The next day a message posted to the channel offered $50,000 rewards for information on two men the group blamed for the incident, and posted screenshots claiming successful distributed denial-of-service attacks on various Swedish government websites.

AJ Vicens

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

Latest Podcasts