Once more sweeping Iran, a wave of cyber devastation targets its financial nerve centers. Already notorious for planning some of the most advanced cyberattacks in recent memory, the hacker group Predatory Sparrow hit Wednesday with deliberate accuracy.

Their most recent activities devastated Sepah Bank, a state-owned financial institution, and Nobitex, Iran’s biggest bitcoin exchange, leaving a path of digital damage and financial uncertainty.

That was not your usual cybercrime, though.

Blockchain analytics company Elliptic claims the hackers burned more than $90 million in digital assets on Nobitex—not stolen, not transferred for ransom—burned on purpose. The crypto was transferred into wallet addresses starting with statements as pointed as they were irreversible, “FuckIRGCterrorists.” Nobody can either control or get back these “vanity” addresses. The money is gone permanently.

According to Tom Robinson, co-founder of Elliptic, this act was politically symbolic rather than financially motivated. “They had no interest in money. They intended to send a message and demolish it.

The lesson is, according to the hackers, that Nobitex was an arm of the Iranian government used to finance terrorism and get around sanctions. Predatory Sparrow’s post on X (formerly Twitter) claimed links to IRGC operatives, Hamas, the Houthi movement in Yemen, and Palestinian Islamic Jihad.

Elliptic’s investigation verified that Nobitex indeed handled transactions for wallets connected to approved companies.

Not too long after the announcement, Nobitex’s website crashed. There is no official statement available; thus, Iranian users are left wondering if their assets have been wiped off in one fell swoop.

Predatory Sparrow still had unfinished business, though.

Later that same day, they took ownership of another cyberattack, this one directed against Sepah Bank, one of Iran’s most established and strong financial institutions, well-known for ties to the Islamic Revolutionary Guard Corps (IRGC) and the nation’s ballistic missile and nuclear program.

The group claimed in a dramatic escalation that it had erased all bank internal data. They uploaded apparently leaked agreements between Sepah Bank and Iranian military organizations. The alert accompanying the files was clear: “Caution: Aligning with terror financing infrastructure could destroy your assets.” Who next?

According to Swedish Iranian cybersecurity analyst Hamid Kashfi, founder of DarkCell, the damage goes much beyond military concerns. “ATM services throughout Iran were out of commission. People couldn’t get into their accounts, Kashfi said. “This is actual chaos. It is not merely aiming at the government. Affecting millions of common people is this.

The website of Sepah Bank temporarily returned online, but the degree of internal data loss is yet unknown. Maintaining radio silence in the face of public annoyance, the Iranian government has not released a formal statement.

High-impact sabotage is nothing new for predatory Sparrow, sometimes known as Gonjeshke Darande in Farsi. Previously wreaking havoc with rail transportation, disabling payment systems at thousands of gas stations, and in 2022 hijacking of operational systems caused an industrial fire at the Khouzestan Steel Company. The hackers recorded that attack in a now-famous video; it almost resulted in worker deaths.

Although the group bills itself as an Iranian resistance movement, many analysts think it is state-sponsored, most likely by Israel. Their technical capability points to the support of an intelligence agency; their attacks closely match Israeli cyber aims.

“This isn’t amateur hour,” Google’s Mandiant threat division’s chief analyst John Hultquist said. Predatory Sparrow works with surgical exactitude. They deliver when they promise damage.

This most recent action might be among their audiest yet. Eliminating Nobitex has upset a fundamental element of Iran’s sanctions circumvention policy. And by weakening Sepah Bank, they have targeted the core of the financial system supporting Iran’s military aspirations.

The group’s query, “Who’s next?” looms big. Iran is trying to rebuild services and evaluate the damage; the cyber battlefield is still wide open.