A blacklisted Iranian airline with ties to the Islamic Revolutionary Guard Corps said Sunday that it was recently targeted in a cyberattack.
Mahan Air claimed to have thwarted the attack, which it said happens routinely.
“It has already been the target on several occasions due to its important position in the country’s aviation industry,” Mahan Air said in a statement.
The airline said all flights were operating on schedule but that it would update passengers on any future changes.
Mahan Air’s website displayed an error message saying the site couldn’t be reached.
Many customers of Mahan Air across Iran received strange text messages on Sunday. A group calling itself Hoosyarane-Vatan, or Observants of Fatherland, claimed in the mass texts to have carried out the attack.
The group released what it said were internal company documents showing Mahan Air’s links to the Quds Force, the IRGC’s overseas branch.
“We believe the public deserves to know the truth behind this cooperation and the money wasted on IRGC activities abroad while Iranian people suffer at home,” Hooshyarane-Vatan said in a statement on the Telegram messaging app.
It also asserted that even after Mahan detected the hackers on the airline’s computer network, “they never managed to drive us out of there, and our access to their network was never damaged.”
On Hooshyarane-Vatan’s Twitter account the group repeatedly invoked Ahvaz, a majority-Arab region in southwestern Iran that has seen separatist violence.
“Until there is justice for the Ahwaz we will continue to expose the corruption of the regime,” it said.
Mahan Air has been under US sanctions since 2011 for allegedly providing support to the Quds Force. The airline has been linked to alleged shipments of arms from Iran to Shiite groups in Syria, including the Hezbollah terror group. Alleged Israeli airstrikes in Syria have been thought to target Mahan Air weapons shipments in the past.
The airline’s announcement came amid a years-long cyberwar between Israel and Iran that has occasionally bubbled to the surface.
Last month, Iran accused Israel of being behind a cyberattack on the country’s gas stations, knocking them out of service for a week. Without naming a specific country, Iranian President Ebrahim Raisi blamed the hack on anti-Iranian forces seeking to sow disorder and disruption.
Days later, an Iranian-linked hacking group, Black Shadow, targeted an Israeli hosting company, temporarily shutting down a number of websites and stealing user data from “Atraf,” an Israeli LGBT dating site.
Black Shadow also stole a vast trove of information from Israeli insurance company Shirbit last year and then sold it on the dark web when the firm refused to pay a ransom.
Agencies contributed to this report.