Iranian Atomic Energy Agency Attacked by Hackers; Data Stolen

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Iran’s Atomic Energy Organization (AEOI) was hit by hackers last week who claimed to have stolen more than 50 GB of critical documents covering the country’s nuclear program operations.

Thousands of emails, messages, and other types of data were extracted from an email server by a hacktivist group called Black Reward. While AEOI initially denied that it was attacked or had any security issues, Black Reward posted proof of their hack on a Telegram channel and a Twitter post.

According to the data that’s currently revealed, 324 inboxes related to the Energy Production and Development Company in Iran (containing around 100,000 emails) made up the stolen information.

“In short, it includes the information that we make available to the public today, including Iran’s public and private conversations with the International Atomic Energy Agency, contracts and nuclear development agreements with domestic and foreign partners, logistics and strategic plans related to atomic industries, and managing schedules and operation of different parts of Bushehr power plant,” read a translation of the post on Twitter.

The document also listed “identity specifications and legal forms engineers and employees of Iran Atomic Energy Production and Development Company, passports and visas, Iranian and Russian specialists working in Bushehr power plant along with details of trips and missions, details of Bushehr Nuclear Power Plant’s cross-sectional performance status, technical and specialized documentation. All of them are in Farsi, English, and Russian.”

Based on the hackers’ statements, it looks like they are working to compile all of the information together into an easy-to-read format. However, this may take some time considering the sheer quantity of stolen emails. Additionally, they warned anyone looking to download the emails that they may contain malware.

However, AEOI said that the purpose of the breach and the data leak was to attract public attention and smear the image of the agency in the media.

“It is obvious that the purpose of such illegal efforts, which are carried out out of desperation, is to attract public attention, create media atmospheres, and psychological operations, and lack any other value,” reads the translated AEOI statement.

Although it’s unclear if the information contained in the emails may be harmful, AEOI added that it only consists of regular work emails.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.

Leave a Comment