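Who Is Gonjeshke Darande? The Hackers Behind Iran's Largest Crypto Heist
Who is Gonjeshke Darande? A mysterious hacking group linked to Israel stole and burned $90 million from Iran's Nobitex cryptocurrency exchange.
- Gonjeshke Darande is a secretive hacking group with links to Israel that targets Iranian infrastructure through high-impact cyberattacks.
- Besides the Nobitex cryptocurrency exchange, the group also compromised Iran's state-owned Bank Sepah.
- The group has been active for at least 5 years and previously targeted Iran's steel plants and railway system, marking an expanding front in cyber warfare.
As the Israel-Iran war escalated this week, a pro-Israel hacking group called Gonjeshke Darande exploited Iran's largest cryptocurrency exchange, Nobitex, and stole nearly $90 million.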
The group later burned all of the funds, framing the hack as a politically motivated attempt to disrupt Iran’s ability to evade sanctions via crypto. But who are Gonjeshke Darande?
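All About the Mysterious “Predatory Sparrow”
Gonjeshke Darande, or Predatory Sparrow, is a highly sophisticated, politically motivated cyberattack group. Security analysts and government officials believe they have strong links to Israel.
Their attacks typically target Iranian infrastructure, financial systems, and government-linked entities.
While Israel has not officially claimed responsibility for Gonjeshke Darande's operations, security firms and the intelligence community widely believe the group is linked to Israel.
This is due to their targets, methods, and public political messaging.
The Meaning of the Name “Gonjeshke Darande”
- “Gonjeshke Darande” translates literally to “Predatory Sparrow” in Farsi.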
- The term symbolizes a small yet fierce bird capable of surprising attacks, a fitting metaphor for a hacker group conducting sudden, targeted cyber strikes.
- Their choice of a distinctly Iranian name likely serves both to mock Iranian cybersecurity defenses and to deliver symbolic messaging directly to the Iranian regime.
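History of Cyberattacks Linked to Gonjeshke Darande
Gonjeshke Darande has a relatively short but significant history of impactful cyber operations, primarily targeting Iranian infrastructure and financial systems:
June 2025: Nobitex Cryptocurrency Exchange Attack
According to BeInCrypto, the group breached Nobitex, Iran's leading cryptocurrency exchange.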
Time's up – full source code linked below.
— Gonjeshke Darande (@GonjeshkeDarand) June 19, 2025
ASSETS LEFT IN NOBITEX ARE NOW ENTIRELY OUT IN THE OPEN.
Your remaining assets in Nobitex are now exposed and at risk
But before that, let's meet Nobitex from the inside:
Exchange Deployment (1/8) pic.twitter.com/jiMfBpNXwd
Funds were transferred to vanity wallets with anti-IRGC (Islamic Revolutionary Guard Corps) messages, rendering the crypto permanently inaccessible.
Also, Nobitex was suspected by the West of being involved in money laundering and sanctions evasion.
May 2025: Bank Sepah Attack
Shortly before the Nobitex attack, Gonjeshke Darande compromised systems at Bank Sepah, a state-owned Iranian bank.
More notably, they disrupted banking services and leaked sensitive financial data online. The aim was to expose Iranian government financial dealings and disrupt state-backed economic activities.
October 2022: Iranian Steel Plants Attack
- Gonjeshke Darande previously gained significant international attention after attacking three major Iranian steel factories: Khuzestan Steel Company, Mobarakeh Steel Company, and Hormozgan Steel Company.
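- They publicly claimed responsibility and released video showing fires at the steel plants, causing Iran material and economic damage as well as embarrassment.
#Cyberattack against Iran's steel industry pic.twitter.com/BW7TR9Env7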
— Gonjeshke Darande (@GonjeshkeDarand) June 27, 2022
July 2021: Iranian Railways Attack
- The group hacked Iranian Railways’ digital information systems, causing train delays and disruptions and posting mocking messages on display boards across the country.
- This attack humiliated Iranian cybersecurity officials and demonstrated the group’s willingness to target critical civilian infrastructure.
Digital Footprint and Tactics
The group keeps a low public profile, but it releases high-quality videos, websites, and online messages claiming responsibility for its operations. Their digital fingerprints typically include:
- Vanity wallets and defacement: Attackers use crypto vanity addresses embedded with political messages against the Iranian regime.
- Social media and Telegram messaging: They frequently post announcements, videos, and leaked documents via anonymous Telegram channels, sharing proof of successful operations.
- High-quality video releases: Unlike typical anonymous hacker groups, Gonjeshke Darande releases professionally edited videos showcasing cyberattack results, hinting at substantial financial backing and operational sophistication.
1/ A hacking group that The Times of Israel says has been “previously been linked to Israel” is claiming responsibility for a cyberattack on Monday that “paralyzed gas stations across Iran.” 🇮🇱🇮🇷
— Decensored News (@decensorednews) December 18, 2023
It's called “Gonjeshke Darande,” or “predatory sparrow.”
Some more quotes from the… pic.twitter.com/Slhd2HleBN
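Attribution and State Links
Analysts at cybersecurity firms such as SentinelOne and Check Point Research suggest that Israel may be the state sponsor behind Gonjeshke Darande.
However, Israel has neither confirmed nor denied these claims.
Iran has formally accused Israel and its intelligence agency, Mossad, of orchestrating these cyberattacks. But again, there is no conclusive evidence for these accusations.
Cybersecurity researchers expect Gonjeshke Darande to continue launching high-impact cyberattacks against Iranian targets, particularly if geopolitical tensions continue to escalate.
Worryingly, cryptocurrency exchanges and Iranian state-linked banks remain the primary potential targets.
Given the group's advanced capabilities and resources, cybersecurity analysts worldwide are closely monitoring its activities.
Overall, if the current conflict lasts longer, it could have broader implications for cyber warfare and state-backed digital conflict.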