Hacker Claims Theft of Iranian Nuclear Files, Demands Ransom Before May 15 Leak

Last updated: May 11, 2026
  • A dark web user claims that he stole Iranian nuclear data and will publish it on May 15, unless he receives a ransom for it.

  • There are claims that these stolen files contain information related to nuclear programs, government databases, and nuclear facility documentation.

  • In the past few months, the Iranian nuclear infrastructure has suffered multiple breaches, exposing employee contracts, facility maps, employee paychecks, and Bushehr power plant equipment specifications, among other items.

According to a recent report, a hacker operating on the dark web has obtained approximately 78 gigabytes of classified data from Iranian nuclear infrastructure and governmental databases. The hacker demands a payment of €5000 (almost $6000 USD); he states that he will disclose all data publicly on May 15 if his demands are not met.

The stolen cache supposedly includes documents tied to Iran’s atomic energy program, government records, and nuclear facility materials. The criminal follows a common scheme where payment prevents disclosure of the stolen files.

Security experts advise treating these claims with skepticism; underground forum posts frequently overstate the value of stolen data or reuse previously leaked information. No independent verification of this dataset exists at this time.

Stolen Files Contain Nuclear Program Documents and Government Records

The hacker’s listing describes a massive collection of sensitive Iranian materials. According to the dark web post, the 77.56 gigabytes include documents directly connected to the country’s atomic energy efforts.

The dataset supposedly holds state databases covering various government operations. Also, the criminal claims possession of records from nuclear sites, though the posting does not name specific locations.

If genuine, this breach would represent one of the largest documented leaks of Iranian nuclear information. Past incidents involved smaller data volumes, including a 50-gigabyte hack of Iran’s Atomic Energy Production and Development Company in April.

That earlier attack, carried out by a hacktivist group called Black Reward, exposed contracts with domestic and international partners, management schedules for the Bushehr nuclear plant, employee identity information, salary statements, and passports, along with visas for Iranian and Russian workers at the facility.

The Bushehr facility has been a recurring target. Another hacker recently claimed to have stolen 890GB of data from Iranian nuclear infrastructure following an attack on the same Bushehr plant, a significantly larger claim than the current 78GB listing.

Previous Iranian Nuclear Breaches Reveal Types of Exposed Information

The April attack on Iran’s Atomic Energy Production and Development Company offers clues about what this new attack might hold. Hacktivists compromised the subsidiary’s email server and released sample materials, including facility layouts, worker agreements, and operational timetables.

Iran’s Atomic Energy Organization acknowledged the incident and labeled it unauthorized access by a source originating from a specific foreign country. However, officials played down the importance of the exposed files, describing them as technical messages and normal daily exchanges.

Also, the Black Reward group published a brief video clip from a claimed nuclear site and documents containing agreements, maps, and worker salary statements. The group threatened further releases unless Iran freed all political prisoners and protest detainees.

In another incident in April, hackers reportedly breached Russia’s state nuclear corporation Rosatom and obtained hundreds of gigabytes of internal information. Those leaked files contained documents about Rosatom’s partnership with Iran’s nuclear program, including detailed specifications for critical equipment destined for Iran’s Bushehr atomic plant.

Cyber Attacks on Iranian Nuclear Infrastructure Keep Increasing

Iran has recorded multiple digital intrusions targeting its nuclear facilities over the past year. The Atomic Energy Organization has acknowledged several hacking attempts, though officials consistently minimize the significance of exposed materials.

Iran has blamed foreign governments for these attacks without providing public evidence. The government typically characterizes such incidents as psychological operations meant to distract public attention.

Iran’s Islamic Revolutionary Guard Corps has multiple advanced persistent threat actor groups that can conduct offensive cyber operations. There has also been a pattern of public threats of digital retaliation from Iran against nations it considers adversarial.

As the May 15 deadline for the ransom demand gets closer, security experts will keep a close eye on underground forums for any potential data release. Even if the hacker has exaggerated the actual magnitude of the breach, the claim alone may create pressure on Iran.

About the Author

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.
