Predatory Sparrow, also known as Gonjeshke Darande, has accepted full responsibility for last month's cyberattacks on various Iranian steel factories and has now posted the first batch of top-secret papers on its Twitter account.
The group distributed a cache of around 20 terabytes of data. It includes company paperwork revealing the steel plants' links to Iran's strong Islamic Revolutionary Guard Corps.
The group stated in a series of tweets in both English and Persian that the cache was only the beginning of what will be disclosed.
While claiming responsibility for the June 27 attack, the group also posted a photo and video purportedly showing damage to equipment at the state-owned Khouzestan Steel Company, one of Iran's biggest steel manufacturing factories.
Although both the steel firm and the Iranian government denied any serious impact, sources suggest that the attack hampered industrial operations.
The Predatory Sparrow group explained that the attacks were carried out with caution in order to safeguard innocent people. The group also stated that the hacks were in reaction to the Islamic Republic's actions.
The group goes on to say that the enterprises were targeted by international sanctions and that they will continue to operate despite the limitations.
Regardless of Predatory Sparrow's insistence that the attacks are autonomous, it is suspected that the Israeli government is supporting the hacktivist group, given the sophistication of the operation, the nature of the attacks, and the message preceding, during, and after what looks to be an attack.
Aside from the steel facilities attack, the Predatory Sparrow group has claimed responsibility for other digital attacks on key Iranian targets, including the one that crippled Iran's state-controlled gasoline distribution in October 2021 and the one that hit the Iranian railway system in August 2021.
While the Iranian government continues to deny the group's accusations, each cyber strike raises new concerns.