A cyberattack has disrupted services at four major Iranian banks after attackers targeted a shared communications infrastructure used across the institutions. The affected banks are Bank Melli Iran, Bank Tejarat, Bank Saderat Iran, and the Export Development Bank of Iran.
The incident temporarily affected mobile banking, online banking, ATMs, point-of-sale terminals, and some card services, highlighting how a single shared digital layer can create cascading disruption across multiple financial institutions. Iranian authorities said technical teams detected unusual activity and moved quickly to isolate affected systems and contain the incident.
Limited Scope, But Broad Disruption
Iran’s banking coordination council said the attack was limited in scope and that no unauthorized access to customer information has been identified so far. Officials also said no data appears to have been deleted, and that the disruption was centered on the shared communications network rather than the core banking databases themselves.
That distinction matters because the event appears to have been an operational outage rather than a confirmed data breach. Even so, the outage was enough to interrupt day-to-day banking functions for customers across several major institutions at once.
Why Shared Infrastructure Is a Risk
The attack underscores a major weakness in modern financial systems: interconnected infrastructure can improve efficiency, but it can also amplify risk. When several banks depend on the same communications layer, a single successful intrusion or disruption can cascade across the network and affect services far beyond one institution.
Cybersecurity specialists say such incidents are increasingly being used not only for financial theft, but also for disruption, pressure, and psychological impact. In that sense, even a limited attack can create outsized damage if it interrupts trust in essential banking services.
Restoration and Investigation
Authorities and bank technical teams are now working to restore services and investigate the attack path in detail. Reports indicate that some services have already begun coming back online, while forensic analysis continues to determine the cause and the full extent of the incident.
For Iran’s banking sector, the episode is another reminder that digital resilience now depends as much on securing shared infrastructure as on protecting individual bank systems.
