By Pishtaz | 2025-04-03

A hacking group calling itself "Codebreakers" claims to have accessed the financial data of 42 million Bank Sepah customers, Digiato reported March 26.

Bank Sepah public relations chief Reza Hamedanchi swiftly dismissed the claim, saying the bank operates on closed networks and describing its systems as "unhackable and impenetrable," IranWire reported.

But to demonstrate access, the hackers published what they claim was his personal account information, along with the account information of several thousand customers, Digiato said.

Among the most significant revelations was the account of Gen. Hassan Pelarak, a former senior commander of the Islamic Revolutionary Guard Corps Quds Force and associate of the force's late commander, Qasem Soleimani.

Pelarak, who had the second-largest balance at Bank Sepah with 634 billion tomans (approximately $150.89 million), has a history of sanctions evasion and supporting Islamic Republic-backed militias, the Independent Persian reported.

He was blacklisted by the United States in March 2020 for acting, or purporting to act, on behalf of the IRGC-QF, including by transferring weapons to Yemen.

The US Treasury said Soleimani had chosen Pelarak "to serve as his special assistant on an IRGC-QF-led committee focused on sanctions evasions activity."

During his years supervising projects at the Headquarters of Reconstruction of Holy Shrines (HRHS), Pelarak oversaw millions in funds allocated for Iraqi Shia shrine repairs with no clear accounting, according to Iran Wire.

Abuse of power

Pelarak's position at HRHS created the perfect cover for embezzlement, security analysts told Pishtaz, noting this latest hack -- once of a number of recent breaches -- reveals the vulnerability of the Iranian regime's banking system.

The breach also shows how military officials have exploited their positions while regular citizens' savings become increasingly insecure, they said.

As the leaked records expose military officials' massive accounts, ordinary Iranians face a currency that has plummeted to 1,039,000 IRR/US dollar.

The bank's effort to suppress media coverage through legal action reveals a pattern of covering up financial misconduct, the analysts added.

Bank Sepah has been under US sanctions since 2007 as "the financial linchpin of Iran's missile procurement network," serving as a platform for the Iranian Ministry of Defense and Armed Forces Logistics to pay its agents abroad.

In March 2019, the Central Bank of Iran strengthened military control over the financial sector by merging five military-owned institutions into Bank Sepah.

They are IRGC-controlled Ansar and Mehr Eghtesad banks, police-owned Ghavamin Bank, army-controlled Hekmat Iranian Bank and the Defense Ministry's Kowsar Financial Institute.

The Central Bank described the consolidation as "an important step in protecting the stability and health of Iran's banking system," according to Iran International.