What you’re describing points to a coordinated disruption affecting core banking infrastructure inside Iran, rather than a single isolated hack.
The affected institutions — including Bank Melli Iran, Bank Saderat Iran, and Bank Tejarat — form part of Iran’s major state-linked financial network, so even limited technical disruption can ripple quickly into card payments, ATMs, and point-of-sale systems nationwide.
Based on the structure of the incident as reported, there are two distinct phases:
First, a broader disruption reportedly began earlier (around mid-June), targeting shared banking communication infrastructure. That kind of system typically sits between banks and payment networks, so it can affect multiple institutions at once without directly breaching individual bank databases.
Second, the newer wave appears more operationally targeted at card-based services specifically — which is why ATM transactions, POS terminals, and mobile banking tied to card rails were all affected simultaneously. That pattern usually suggests either:
interference with payment-switch infrastructure, or
a defensive shutdown after detecting suspicious access attempts.
Importantly, Iranian officials have stated that customer data was not compromised in the earlier incident. That distinction matters: it suggests service disruption rather than confirmed data exfiltration or permanent system breach, though independent verification is limited in such environments.
As for attribution, nothing has been officially confirmed. Iranian authorities have historically attributed similar cyber incidents to foreign hostile actors, often pointing toward Israel or affiliated groups, but those claims are typically not independently verified, and in this case no actor has publicly taken responsibility.
What makes this notable is less just the technical impact and more the strategic pattern: banking systems are increasingly becoming a pressure point in cyber conflict because they sit at the intersection of civilian life and national infrastructure. Even short disruptions to card payments can create immediate public stress, making them high-impact targets.
So, while the technical details are still emerging, the incident fits a broader trend of escalating cyber pressure on financial infrastructure in geopolitically sensitive environments — where disruption itself, rather than data theft, may be the primary objective.
