The Iranian Atomic Energy Organization has dismissed allegations that a subsidiary’s email systems were breached, exposing crucial operating information about a nuclear power facility. Recently, an activist group going by the name Black Reward claimed to be from Iran and posted on Telegram that it had gained access to an email server run by a business connected to Iran’s Atomic Energy Organization and exfiltrated 324 inboxes containing more than 100,000 messages and 50G worth of files.
According to Black Reward, the haul’s contents include blueprints for a nuclear power facility, the personal information of Iranian employees of the Organization, and the passport information of Russian engineers who help Iran with its nuclear energy operations. The haul, which Black Reward has also described on Twitter, supposedly includes technical data and reports. The cache also contains correspondence with the International Atomic Energy Agency.
The Twitter bio for Black Reward claimed that the organization is a part of the Iranian hacking scene but is hostile to that country’s theocratic regime, which it characterizes as criminal. The organization appears to have picked this time to take action since Mahsa Amini’s death sparked protests across Iran. Amini passed away after being detained for breaking Iran’s strict dress code for women. According to video evidence, Amini may have died due to injuries she sustained during a police beating, but the government maintains the 22-year-old had a sudden heart attack.
Since Amini’s passing in late September 2022, anti-government demonstrations have erupted across Iran, with thousands taking to the streets in considerable personal danger. Numerous others have participated in marches throughout the world. The Iranian authorities have responded with force and by limiting access to social media to prevent word of the demonstrations from spreading.
Black Reward’s assertions that it has access to a vast collection of private information have been rejected by Iran’s Atomic Energy Organization, which argues that the group is a front for Iran’s foreign adversaries and that the purported material release is a publicity ploy. Black Rewards adamantly disagrees and has begun sharing the data to support its claims. It advises accessing the data using a virtual computer since emails sent from the Atomic Energy Organization are infested with viruses.
Most countries assert that Iran’s nuclear program has two objectives, one of which is to assist it in developing atomic weapons. It is believed that Iran’s uranium enrichment capabilities were hurt by the Stuxnet worm, an infamous piece of software, to postpone the development of nuclear weapons. Similar cyberattacks might be possible if Iran’s nuclear infrastructure activities were made public. As Iran is subject to continuous inspections of its operations to ensure safety and that the country is not seeking to create weapons of mass destruction, leaking correspondence with the International Atomic Energy Agency might also harm Iran.