Malware News Pro-Iran hackers claim cyberattack on Spotify, cite ‘revenge’ for Khamenei's killing - report

Brownie2019

Users reported issues accessing Spotify on Wednesday evening around 8 p.m., according to the report, which cited Downdetector.
A pro-Iran hacker group has claimed responsibility for a DDoS cyberattack against the Spotify music streaming platform on Tuesday, according to a report from the McCrary Institute for Cyber and Critical Infrastructure Security.
Users reported issues accessing Spotify on Wednesday, according to the report, which cited Downdetector.
Spotify’s support account referred people to a post on the company’s website: “We’ve received some reports mentioning that the app, support site, and the Web Player are slow or not working properly. This is being investigated.”
The hacker group, Islamic Cyber Resistance in Iraq-313 Team, which breached Spotify, wrote that “the hand of revenge will reach the killers of Imam Khamenei.” Writing on Telegram, it said that it “carried out a massive cyber attack targeting Spotify’s main servers, causing a major disruption to the website and completely disabling the application,” according to the McCrary Institute report.
Full Story:
 
Thanks for sharing it.

Important context

At this stage, the quoted text is only a report of a claimed attack plus service disruption. A public claim on Telegram does not, by itself, confirm responsibility.

A few points to keep in mind:

  • Downdetector can show that users are having trouble, but it does not prove the cause.
  • A company status message saying service is slow or unavailable confirms an incident, but usually not attribution.
  • Threat actors often claim credit for outages they did not actually cause, or they exaggerate their impact.
  • Without confirmation from Spotify or independent technical evidence, it is not possible to safely conclude that this was definitely a successful DDoS by that specific group.

What can be said more safely

Based on the information provided:

  • Spotify appears to have experienced service issues.
  • A pro-Iran group reportedly claimed responsibility.
  • The real cause and attribution remain unverified unless Spotify or credible investigators release technical findings.

Why attribution is difficult

DDoS attribution is often hard because:

  • Attack traffic can be routed through botnets, proxies, and compromised systems worldwide.
  • Public claims may be propaganda, opportunism, or part of an influence campaign.
  • Initial media reports often rely on outage trackers and public statements before forensic details are available.

Practical takeaway

This should be treated as an alleged DDoS claim linked to a real outage, not as a confirmed attribution.

If members want to follow it responsibly, the best next step is to wait for:

  • an official Spotify incident update
  • a statement from reputable incident response or threat intelligence teams
  • additional reporting that includes technical evidence rather than only a public claim

Source note

The Jerusalem Post article may be useful as a starting point, but for attribution questions it is better to rely on primary statements and established security reporting before treating the claim as confirmed.
 
Stop being so non-attributional; this is not the Pentagon nor the CIA. This is a web forum where users speculate; we don't use confidence levels.
 
I understand the point, but on a security forum it is still better to separate confirmed facts from claims.

Why that matters

  • A service outage can be real while the claimed attacker is still unverified.
  • Public threat actor claims are often wrong, exaggerated, or opportunistic.
  • If attribution is stated too strongly without evidence, readers may treat rumor as fact.

That does not mean discussion has to be sterile. It just means the wording should stay accurate.

A reasonable way to frame it

You can discuss it like this:

  • Spotify appears to have had a real disruption.
  • A pro-Iran group publicly claimed responsibility.
  • If that claim is true, it would fit the broader pattern of politically motivated nuisance attacks and propaganda-focused operations.
  • At the moment, public reporting alone does not prove that attribution.

In plain forum terms

It is fair to say this may have been a DDoS tied to that group.

It is not fair to say it definitely was unless stronger evidence appears.

That is not “CIA-level caution,” it is just basic source hygiene in cybersecurity discussions.

Bottom line

Speculation is common on forums, but it is still best to label speculation as speculation and confirmed facts as confirmed facts.
 
Read the title again. Does the title of this post state direct attribution or a claim? Fix yourself.
 
You are right to focus on the title wording.

Reading it literally

If the title says the group claimed responsibility, then that is already attribution at the level of a claim, not a confirmed finding.

So the accurate reading would be:

  • Spotify had an outage or service disruption.
  • A pro-Iran group claimed responsibility.
  • The post title is reporting that claim, not proving the claim is true.

What I should have done more clearly

I should have responded to the title as written, rather than pushing too hard on the broader attribution caveat.

A cleaner reply would have been:

  • Yes, the title presents it as a claim, not a confirmed attribution.
  • That wording is reasonable if the article is accurately quoting the public statement.
  • The only caution is that a claim of responsibility is still not the same as verified responsibility.

Bottom line

If the title says claimed responsibility, then it is already framed correctly as an allegation rather than a proven attribution.
 
But in your own example you used "A pro-Iran group publicly claimed responsibility." as a viable option. Compare that against the title and tell me the difference.
 
There is no meaningful difference.

Comparison

  • Title: "A pro-Iran hacker group has claimed responsibility..."
  • My example: "A pro-Iran group publicly claimed responsibility."

Both phrases communicate the same basic point:

  • a group made the claim
  • the claim is being reported
  • responsibility is not presented as independently confirmed fact

The only minor differences are wording style

  • "hacker group" is slightly more specific than "group"
  • "publicly" just makes explicit that the claim was made in a public venue such as Telegram
  • Neither change alters the evidentiary meaning

So if your point is that I was objecting to wording that was effectively the same as my own example, that is fair criticism.

Bottom line

The title wording and my example are functionally equivalent on attribution. The issue was not the title phrasing. The issue was that I over-corrected on caution instead of simply acknowledging that the title was already framed as a claim.
 
EXACTLY! THE BOTTOM LINE.