Hackers push anti-Iranian government messages to millions via breached app

The apparent hack comes just ahead of the one-year anniversary of the death of Mahsa Amini, the Iranian woman who died in police custody.
A portrait of 22-year-old Mahsa Amini, who died after being detained on the grounds she did not comply with the headscarf rules, near the Iranian consulate on Oct. 31, 2022, in İstanbul, Turkey. (Photo by Omer Kuscu/ dia images via Getty Images)

An Iranian-focused hacking group known as Black Reward that has a history of going after the Iranian government announced a new attack late Thursday, this time targeting a financial services app that millions of Iranians use for digital transactions.

“Death to Khamenei,” the messages read according to a Google translation of screenshots the group posted online. “We return to the street because the revolution continues. For woman, life, freedom,” the message read, along with the hashtag “#MahsaAmini,” a reference to the Iranian woman killed in police custody in September 2022, sparking waves of nationwide protests.

“As we all know, the fire of the revolution may calm down, but it will never be extinguished,” a message posted to the group’s Telegram channel read, according to a translation. “Blackreward hacking group belongs to the people and will stay with the people until victory.”

The message was pushed through the 780 app, which facilitates financial transactions for online shopping, bill payment, bank balance information, and more, according to the developer of the app. The company claims to have more than 6 million users. Multiple people took to Twitter late Thursday and into Friday to share videos of the alerts and comment on the messages.

Tweet discussing the apparent hack late Thursday.

The company did not respond to a request for comment.

Black Reward emerged on Telegram on Sept. 25, 2022, a little more than a week after Amini’s death. In October 2022, the group released what it said was the Iranian government’s private correspondence with the International Atomic Energy Agency. The Iranian government blamed the hack on “unauthorized access from a specific foreign country,” but did not attribute more specifically than that.

The group told CyberScoop at the time that it was made up of Iranians and “whatever the Islamic Republic says is a lie. We fight against the regime in support of women, life, and freedom.”

The group’s Telegram channel, which has more than 87,000 subscribers, had been dormant since Feb. 28 when it posted the second part of an alleged hack of the Fars news agency, which is managed by the Islamic Revolutionary Guard Corps (IRGC).


Black Reward did not respond to a request for comment on Friday.

Latest Podcasts