The Justice Department said on Wednesday that three Iranian citizens had been charged in the United States with ransomware attacks that targeted energy companies, local governments, small businesses and nonprofits, including a domestic violence shelter.
The charges accuse the hacking suspects of targeting hundreds of entities in the US and around the world, encrypting and stealing data from victim networks and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments are made. In some cases, the victims have made those payments, the department said.
The Biden administration has attempted to go after hackers, often sanctioned or protected by adversaries, who have essentially taken US targets hostage. The threat was particularly notable in May 2021, when a Russia-based hacker group was accused of carrying out a ransomware attack on the Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.
Iran-based hackers have also been a focus for the past year, with the FBI thwarting a planned cyber attack on a children’s hospital in Boston that was allegedly to be carried out by hackers sponsored by the Iranian government.
“The cyber threat facing our country is becoming more dangerous and complex every day,” FBI Director Christopher Wray said in a statement accompanying the indictment released Wednesday. “Today’s announcement makes it clear that the threat is both local and global. It’s one we can’t ignore and it’s one we can’t fight alone.”
The hackers named in Wednesday’s indictment allegedly worked not on behalf of the Iranian government but instead for their own financial gain, and some victims were even in Iran, according to a senior Justice Department official who briefed reporters about the case on condition of anonymity under ground rules set by the department.
But the official said the activity, even if not led by the Iranian government, exists because the regime allows hackers to operate largely with impunity.
In a related action, the Treasury Department’s Office of Foreign Assets Control on Wednesday sanctioned 10 individuals and two entities affiliated with Iran’s Islamic Revolutionary Guard Corps, who have allegedly been involved in malicious cyber activities, including ransomware. The Treasury Department identified the three defendants in the Justice Department’s case as employees of technology companies it believes have ties to the Revolutionary Guards.
John Hultquist, vice president for threat intelligence at the cybersecurity firm Mandiant, said his team has been tracking the Iranian actors for some time and assessed them as contractors for the Revolutionary Guards who moonlight as criminal hackers. He said they are especially dangerous because “any access they get could be used for espionage or disruptive purposes.”
The actions come amid an apparent stalemate in US-Iran talks over the possible revival of a 2015 nuclear deal. Israel and some US lawmakers from both sides are urging the Biden administration to crack down on Iran and call the negotiations on Iran’s nuclear program a failure.
The three accused hackers are believed to be in Iran and have not been arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country.
The case was filed in federal court in New Jersey, where the victims included a municipality and an accounting firm.
The alleged hacking took place between October 2020 and last month, when the sealed indictment was issued. The three defendants – identified as Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari – are accused of exploiting known or disclosed vulnerabilities in software applications to break into the victims’ computer networks.
Prosecutors say the victims were viewed by the defendants as targets of opportunity.
They include a Pennsylvania domestic violence shelter, which, according to the indictment, was extorted out of $13,000 to recover its hacked data; electric utilities in Indiana and Mississippi; a provincial government in Wyoming; and a construction company in Washington State.
Copyright 2022 The Bharat Express News. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.