Hacktivists Target Iran’s Foreign Ministry, Leak Trove Of Data

An ID card of IRGC’s Basij paramilitary forces belonging to Iran’s Foreign Minister Hossein Amir-Abdollahian was among the documents leaked on May 7, 2023
An ID card of IRGC’s Basij paramilitary forces belonging to Iran’s Foreign Minister Hossein Amir-Abdollahian was among the documents leaked on May 7, 2023

An Iranian group has hacked into the Islamic Republic’s foreign ministry servers, disabling 210 sites and online services and leaking a large batch of documents. 

The hacktivist group ‘Uprising till Overthrow', affiliated with the Albania-based opposition Mujahideen-e Khalq (MEK) group, released hundreds of identification documents, minutes of meetings, the ministry’s correspondence, phone numbers of ministry officials, and the names of 11,000 employees of the foreign ministry, among others. 

A sample of the leaked documents
A sample of the leaked documents

According to the telegram channel of the hackers, all the sites related to the ministry such as the Islamic Republic’s embassies, and affiliated organizations were targeted, showing a landing page with photos of the leaders of MEK as well as photos of Iran’s Supreme Leader Ali Khamenei and President Raisi with red crosses over them. 

Also on the page, there were slogans of “Death to Khamenei” and “Hail to Rajavi”, the current leader of the opposition group. “There is a great revolution underway in Iran. The uprising will continue until the palace of oppression is demolished. Iran’s democratic revolution will be victorious,” read the message on the pages. Most of the pages were down midday on Sunday. 

A screenshot of one of Iran’s Foreign Ministry’s websites after a hack by hacktivist group ‘Uprising till Overthrow' on May 7, 2023
A screenshot of one of Iran’s Foreign Ministry’s websites after a hack by hacktivist group ‘Uprising till Overthrow' on May 7, 2023

The ‘Uprising till Overthrow' had already hacked and deactivated several regime’s websites and services. In June 2022, it hacked over 5,000 security cameras of state bodies and 150 websites belonging to Tehran Municipality, displaying similar slogans on the websites and releasing internal data. 

The hack comes after another cyberassault in March on the portal of the Ministry of Culture and Islamic Guidance (Ershad) and its affiliated websites showing the photos of the Rajavis and calling for the death of the country’s supreme leader. 

Since the beginning of the current wave of protests in mid-September, several hacking groups have targeted state websites and online services. They have released numerous documents and have disrupted hundreds of surveillance cameras. 

The documents leaked on Sunday also revealed the Islamic Republic’s continuous efforts and correspondence with European officials to finalize a prisoner swap deal with Belgium, which would see jailed Iranian diplomat Asadollah Assadi released in exchange for the detained Belgian aid worker Olivier Vandecasteele. 

The Belgian Constitutional Court upheld a prisoner exchange treaty with Iran in March that could result in Assadi being swapped for Vandecasteele. The MEK mounted a fierce campaign against the deal, challenging the extradition. 

Former Iranian embassy attaché, Asadollah Asadi, 51, is currently serving a 20-year sentence in Belgium for alleged attempted murder and involvement in terrorism for his role in plotting a bomb attack during an MEK event near Paris in 2018. Asadi, the only Iranian diplomat ever brought to trial in Europe for direct involvement in terrorism was arrested in Germany, where he did not enjoy diplomatic immunity while he was on holiday. German authorities later extradited Assadi to Belgium. He was a diplomat in Iran’s embassy in Austria.

Iranian diplomat Asadollah Assadi (left) and Belgian aid worker Olivier Vandecasteele
Iranian diplomat Asadollah Assadi (left) and Belgian aid worker Olivier Vandecasteele

Security forces in Iran arrested aid worker Olivier Vandecasteele, 41, who has worked in a variety of humanitarian agencies since at least 2006. In January, the Islamic Republic’s judiciary sentenced Vandecasteele, who was detained in 2022, to 40 years in prison and 74 lashes for alleged “spying and cooperation with the United States, money laundering and smuggling $500,000 out of Iran.” 

Iran has been accused of wrongfully detaining at least a dozen foreign and dual nationals on trumped up charges, effectively as hostages to extract concessions from Western governments. Most of them are held on spurious spying charges.