Hacker group APT Iran has infiltrated the cyber infrastructure of Iran’s Railway Company in the latest such attack on government networks, with documents revealing mandates for female employees to wear Islamic attire. The Cyberban News Agency confirmed the hack from the anti-government group though the agency downplayed the extent of the breach, dismissing reports of an attack on the main railway infrastructure as propaganda.
APT Iran claimed the breach aimed to alert railway officials about security lapses after previous breaches of the IranCell Communication Services Company and State Organization for Registration of Deeds and Properties.
Among the leaked documents is a directive signed by Mohsen Tabatabaei Atabak, the Director General of Planning and Monitoring of Passenger Services, outlining guidelines for employee conduct, including adherence to mandatory hijab for female staff. The guidelines specify attire requirements, emphasising “loose and long garments made of thick fabrics” and complete hair coverage.
The hackers also exposed identity documents, internal reports, and wagon maps.
The incident is the latest in a series of cyber-attacks targeting Iran’s government institutions, including its Railway Company. In July 2021, the hacker group Gonjeshk-e-Darande disrupted railway operations by infiltrating the Ministry of Roads and Urban Development and forcing a switch to manual train management.
Last month, the hacktivist group Edalat-e Ali disclosed a major breach in the servers of the Iranian judiciary, boasting access to a vast repository comprising millions of files and a treasure trove of confidential documents. Cyber expert Amin Sabeti recently told Iran International that hacks on government facilities are likely to continue amid the ongoing unrest. Last month, a major hack of the parliament’s servers brought to light troves of documents, including the income of lawmakers and US sanctions evasions.
